On Thu, Jun 22, 2000 at 11:35:30AM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Okay, let me ask a few questions:
>
> Do you know every person in the building?
> Do you know all the security staff?
> Do you know all the custodial staff?
Yes. So there!
Okay, not really, we'll continue. :-)
> The majority of security measures are aimed at keeping people from the
> outside off the network. Yet the majority of industrial espionage occurs
> from *within* the company. If I were bent on obtaining corporate secrets
> from some company, the first thing I'd do is get a job on their custodial or
> security staff, or just get a job at the company. Once I have physical access
> to the network, everything else is just mere details. Look around your
> company tonight as you leave. How many people lock their screens or log out
> before going home? I'm willing to bet at least 10 people whose offices you
> pass have left their systems logged in with no screen lock (I'm not saying
> that screen locks are secure, but at least it's something). No, pick any one
> of those 10 or more people. Imagine they have root access, and one window is
> left logged in as root. Next comes the janitor/industrial spy. There's
> absolutely no effort for him/her to now access most everything he/she needs
> now that they have root.
Hmmm... Sure I'd bet not everyone locks their screens (I do, and
rather quickly). Even without even granting sudo permissions or
giving out the root password, Mr. Janitor/Spy would be able to get
access to more than enough to cause problems. Figure that a desktop
machine on which I am still a normal user has access to all official
project source code. By firing up my email client, a spy could
quickly open source Tru64 :-) . Root or sudo access isn't even
required for this, so why bring it up.
> Now they can su to any user at all and access anything they need to.
Oh, is that why. I suppose this would cause a problem if I am
explicitly interested in Joe User's widget prototype, which is only
available when logged in as root or joeuser. First of all, note that
again I still don't need root if I wait for Joe User to be the one to
forget to lock his screen. Also, I do have root to my desktop here,
but I am unable to access another employee's files. I am able to
become root on my own machine, and then even su to another user (say,
pll, just for the sake of argument :-) ). However, pll's files
aren't available, as they are exported to my machine. They are only
exported to pll's workstation(s) and the production servers. However,
I am unable to become root or pll on those machines. I can't log in
as root to those machines because I don't know the root password. I
can't even try to su to root because I'm not part of the system group.
To summarize, I'm not seeing how giving me root in this setup
makes it any more likely for me to cause harm, beyond what I could
already do as a normal user (rogue employee or janitor/spy accessing
an unlocked screen).
> The point of security is to keep honest people honest, dishonest people out,
> and hopefully force those with malicious intent to jump through enough
> hoops such that they get caught.
Well, at least we continue to agree on the point, if not the
implementation in all cases.
--
Bob Bell Compaq Computer Corporation
Software Engineer 110 Spit Brook Rd - ZKO3-3/U14
TruCluster Group Nashua, NH 03062-2698
[EMAIL PROTECTED] 603-884-0595
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
