On Wed, 21 Jun 2000, Paul Lussier wrote:
> True, but who gets the responsibility when the untrusted, non-secure host is 
> used to access confidential data which was only accessible because of the 
> inadequate security imposed by the existence of that host?
> ... I can tell you, the sysadmin would get the blame *and* the boot ...

  And if you're depending on desktop workstations to remain secure simply
because the user "doesn't know the root password", you *deserve* to get the
boot when it comes.

  Anyone who has physical access to the machine already *has* effective
superuser access.  Don't use simple host trust relationships in any
environment that isn't physically locked down as tight as a drum.

> Root access to any machine constitutes a threat to both, and *that* is
> what we're trying to eliminate.

  I think you place *way* too much trust in that simple alphanumeric string
that is the root password.  You seem to imply that unlimited, unchecked "sudo"
access is fine and dandy, but that knowing what the string in /etc/shadow was
hashed from will blow you out of the water.  At the same time, you seem to
imply that you're using blind host trust relationships, such that any machine
on your network claiming to be authorized as root is considered to be telling
the truth.  If that's the case, Paul, you've got bigger problems than someone
knowing what the root password is on their workstation.

  However, I'd like to think I know you well enough to say that you're smart
enough not to be doing that.  That machines aren't trusted simply because they
say they should be.  And, if that is the case, then somebody knowing the root
password on their workstation isn't the catastrophe you make it out to be.

> Anyone have a Palm Pilot they sync with their system at work?  It's simple
> for root to access those files, copy them somewhere else and install them
> on another pilot elsewhere.

  That's right.  And, of course, the admin staff *does* have the root
password.

> I'd much rather be playing with neat things like Linux clustering than
> making sure my network is secure :)
 
  I find that, in many cases (note: many != all != most) where some developer
wants root on his development box, one of the major reasons they want it is
*because* they know the admins are too busy running around admin'ing things to
worry about the latest thing the developer needs changed on his box.  They're
trying to save you the trouble, so you can have the time to play with neat
things.

  Now, obviously, if the box they're using as a testbed is a shared,
multiuser, production machine, opening up superuser access to them is a big
step.  You have to make sure they can be trusted, both politically and
technically.  That is often (even usually) too big a risk given the rewards.  
In such a situation, the developer(s) really needs a testbed machine designated
as such, so that when the box gets hosed, nobody was depending on it to be
their file server.

> By the way, we as sysadmins have a job to do too.

  You're right.  It's supporting your company's operations.  Don't ever forget
you're not the reason the network is there.

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839
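As an added example (not part of the original message or written by either poster), a small audit of the two weak settings the reply argues against: an unrestricted "sudo" entry and a blind host trust entry. The sudoers and /etc/hosts.equiv fragments are constructed sample input.

```python
import re

# Constructed sample input (not from the original thread): a sudoers
# fragment plus an /etc/hosts.equiv fragment, each with a weak entry.
SAMPLE_SUDOERS = """\
# unlimited, unchecked sudo: equivalent to handing out the root password
dev1    ALL=(ALL) NOPASSWD: ALL
# scoped: one command as root, password still required
dev2    ALL=(root) /usr/sbin/service httpd restart
"""

SAMPLE_HOSTS_EQUIV = """\
# '+' trusts every host that claims an authorized name
+
buildbox.example.com
"""

# user  host(s)=(runas) [TAG:] command list
SUDO_RE = re.compile(r"^(\S+)\s+(\S+)=\s*(?:\(([^)]*)\))?\s*(.*)$")

def audit_sudoers(text):
    """Return (user, reason) for entries that grant unrestricted root."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SUDO_RE.match(line)
        if not m:
            continue  # Defaults, aliases, etc. are not user specs
        user, _hosts, _runas, cmds = m.groups()
        for spec in cmds.split(","):
            tags, _, cmd = spec.rpartition(":")  # e.g. "NOPASSWD: ALL"
            if cmd.strip() == "ALL":
                reason = "unrestricted sudo"
                if "NOPASSWD" in tags:
                    reason += " without password"
                findings.append((user, reason))
    return findings

def audit_hosts_equiv(text):
    """Return entries that trust any host (a leading '+' wildcard)."""
    return [l.strip() for l in text.splitlines() if l.strip().startswith("+")]

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE_SUDOERS))
    print(audit_hosts_equiv(SAMPLE_HOSTS_EQUIV))
```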

