Complex security mechanism is unsecure
Masataka Ohta
mohta at necom830.cc.titech.ac.jp
Wed Dec 19 01:01:45 AEST 1990
In article <18826 at rpp386.cactus.org>
jfh at rpp386.cactus.org (John F Haugh II) writes:
>That's a pretty big collection of files, but making the owner "root"
>does not make the collection smaller.
Smaller? It is not my opinion. My opnion is, it is less complex.
>This isn't news.
This is the news.
In article <18827 at rpp386.cactus.org>
jfh at rpp386.cactus.org (John F Haugh II) writes:
>>Then, for example, think about a case where NFS mounted file system
>>is exported with root access converted to nobody (but, uucp to uucp,
>>daemon to daemon). Then, list what system administrators should take care.
>How about starting with exporting the file system read-only and only
>to systems which are properly administered.
Nice start. Please continue, until you recognize it complex.
Masataka Ohta
More information about the Comp.unix.internals
mailing list