C2 secure systems and the superuser

Tom Christiansen tchrist at convex.COM
Thu Mar 14 12:29:20 AEST 1991


>From the keyboard of brnstnd at kramden.acf.nyu.edu (Dan Bernstein):
:In article <1991Mar13.185609.21132 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
:> From the keyboard of jfh at rpp386.cactus.org (John F Haugh II):
:> :In article <1991Mar13.042033.12450 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
:> :>I maintain that both "auth" and "sysadmin" give you indirect
:> :>root privileges.
:
:Undoubtedly you would stop complaining if ``auth'' were named
:``root-auth'' and ``sysadmin'' were named ``root-sysadmin''.

No, I don't think I would.  The C2 folks seem to think a system is
more secure this way, but I see it as having N accounts to try to
find holes into rather than just one.  This makes it easier for
the cracker.

:> :Perhaps "sysadmin" also lets you crash
:> :the machine by unmounting critical volumes or over-mounting
:> :others.  A quick look at the audit logs will reveal what
:> :happened.
:> Audit logs can be altered once you are powerful enough.  And
:> it's important to stop it from happening in the first place.
:
:The situation is no worse than the situation where ``sysadmin'' equals
:``root'' to begin with.

Except for that people think it's more secure when it's not.

--tom



More information about the Alt.sources.d mailing list