Unix security additions

Barry Margolin barmar at think.com
Tue Apr 23 08:51:19 AEST 1991


In article <464 at frcs.UUCP> paul at frcs.UUCP (Paul Nash) writes:
>Thus spake barmar at think.com (Barry Margolin):
>> If the people you're trying to protect against are the operators, this
>> isn't much of a solution, since they have to know the password in order to
>> do the backups and restores.
>Not if you exec the pipeline from inside a suitable setuid program, which
>can also contain the key for crypt.  As the program should be unreadable
>by everyone (only executable & setuid), this shouldn't be a security breach
>of too vast a magnitude.

I generally don't consider solutions that involve unreadable programs as
reasonable.  Security should be based on the authorized person knowing
something (e.g. a password or encryption key) and/or having something (e.g.
a smartcard or retina pattern) that unauthorized people don't.

However, I admit that the above solution isn't *too* bad.
--
Barry Margolin, Thinking Machines Corp.

barmar at think.com
{uunet,harvard}!think!barmar



More information about the Comp.unix.internals mailing list