How to stop future viruses.

Anders Björnerstedt anders at suadb.UUCP
Fri Nov 11 22:15:36 AEST 1988


I would like to add:

6. A less blunt use of the set-user-id mechanism.
   Sendmail apparently needs to do rights amplification,
   but I don't see why it needs superuser rights. The uucp
   binaries have their own owner/domain "uucp". Why can't
   the binaries related to mail have a similar domain "mail"?
   I am sure there are other suid programs which are today
   owned by root, but which don't actually need full superuser
   privileges.


7. It should be *possible* to physically write lock filesystems
   including the root file system. The disk write lock could
   perhaps be used, but the fact that it is tied to a device
   usually creates problems. What is needed is a physical toggle
   for a logical concept: secure filesystems. It should be
   possible to place stable things like system programs in file
   systems marked "secure". The kernel (which would itself be
   placed in a secure filesystem) would only allow writes to
   a secure filesystem if a physical toggle was in the "open"
   position. Normally the toggle would be in the closed position.

   The toggle is opened only when changes are really needed and
   requires a person to physically do it on-site. Sometimes this
   would be perceived as an inconvenience, but for those willing
   to pay the price it should be possible.
   
   ------------------------------------
    
      Anders Bjornerstedt
      Department of Computer & Systems Sciences
      University of Stockholm
      S-106 91  Stockholm
      Sweden


      INTERNET: anders at sisu.se    OR    anders%sisu.se at uunet.uu.net
      UUCP:{uunet,mcvax,cernvax}!enea!sics!sisus!anders.
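
Added example, not code from the post above and not sendmail's or uucp's own code: in C, the pattern item 6 argues for. A helper amplifies to a dedicated non-root account only around the privileged step and refuses uid 0 entirely, and a small classifier tells setuid-root files apart from setuid-to-a-domain ones for auditing. It assumes a service account such as "mail" exists with a non-zero uid; the account name and the spool step are placeholders.

```c
/* Added example, not code from the original post: a "less blunt" setuid
   helper in the style of item 6. Assumes a dedicated non-root service
   account (a "mail" domain); the binary would be installed owned by it. */
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classify the rights a set-user-id file amplifies to, from mode and owner:
   0 = no setuid bit, 1 = setuid to a non-root domain (uucp/mail style),
   2 = setuid root, i.e. full superuser rights. */
int suid_class(mode_t mode, uid_t owner)
{
    if (!(mode & S_ISUID))
        return 0;
    return owner == 0 ? 2 : 1;
}

/* Same classification for a file on disk; -1 if it cannot be stat()ed. */
int suid_class_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? suid_class(st.st_mode, st.st_uid) : -1;
}

/* Run `work` with the effective uid of the service account and nothing more:
   amplify only around the privileged step (e.g. touching the spool), then
   drop back to the invoker's real uid. Refuses uid 0 outright, so the helper
   cannot become a setuid-root program by being reinstalled as root. */
int run_as_service(uid_t service, int (*work)(void *), void *arg)
{
    uid_t real = getuid();
    int rc;
    if (service == 0) {            /* item 6: mail does not need superuser */
        errno = EPERM;
        return -1;
    }
    if (seteuid(service) != 0)     /* works via the saved set-user-id */
        return -1;
    rc = work(arg);
    if (seteuid(real) != 0)        /* always hand the rights back */
        return -1;
    return rc;
}

/* Stand-in for the privileged step: a counter instead of a spool write. */
int spool_step(void *counter) { (*(int *)counter)++; return 0; }
```

Run unprivileged, `run_as_service(getuid(), ...)` succeeds because switching the effective uid to one's own real uid is always permitted; installed setuid to the service account, the same call amplifies to that account and nothing more.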


