/etc/shutdown permissions

Norman Yarvin ins_anmy at jhunix.JHU.EDU
Tue Nov 29 03:48:46 AEST 1988


In article <435 at amanue.UUCP> jr at amanue.UUCP (Jim Rosenberg) writes:

>... Good security means defense in depth.

To quote Mark Twain: "Put all your eggs in one basket, and WATCH THAT BASKET!"
This is the usual Unix metaphor for security: rectrict yourself to one level of
defense, but make that level completely airtight.  For instance, /etc/passwd
is readable by the world.  This is highly reasonable, as _the_ line of defense
against password reading is the encryption of passwords.  None other is needed.
And the readability of the password file has the mental-attitude advantage that
it focuses effort on the need for an uncrackable encryption algorithm.

As emphasis, let me state that:

	- To have many imperfect levels of security is to have no security.

	- To have many imperfect levels and one perfect level of security is
		to have perfect security; but the imperfect levels might as well
		be bagged.

	- To have many perfect levels of security is to have perfect security,
		but again the extra perfect levels are surplus, and can be
		discarded.

And it is possible, if one assumes the operating system to have no leaks, to
have a perfect level of security (i.e. Unix with no setuid programs and no
uid root daemons)

				Norman Yarvin
	(seismo!umcp-cs | allegra!hopkins) !jhunix!ins_anmy

  "Christmas -- the day when we celebrate the birth of a 2000 year old
   superstition by watching pine trees slowly die in our living rooms"



More information about the Unix-pc.general mailing list