Out of this whole, long, drawn out e-mail, I have but one thing to
say... You come right out and state that you give out your root
password. What other information do you give out? You may "completely
trust" them, but does that make them trustworty? Since you ever so
eligantly pointed out that Derek does not know what is going on in your
head, how is it that you know what is going on in the heads of others?
"Kevin D. Clark" wrote:
>
> Derek Martin writes:
>
> > Yeah, anyone responsible for developing products, and not responsible for
> > the security of the network will chime in here. It's not your job to
> > worry about security, so you don't.
>
> <sarcasm>
> Gosh, I'm so glad you know what's going on in my head.
> </sarcasm>
>
> (your assertion that I "don't worry about security" is false)
>
> > We do.
>
> There's the second sweeping generalization in your email.
>
> (I've met sysadmins who cared even less about security than I do)
>
> > Basically, you're only concerned about your little corner of the world (or
> > the company or whatever). The fact remains, there are ways around ALL of
> > the issues you have all raised. They do not make your job impossible, but
> > they assuredly make it less convenient.
>
> I have a hard enough time meeting schedules as it is, but now you're
> telling me that I should accept more inconveniences in my life for the
> sake of security. Well, you have yet to prove that I have a security
> problem just because I have root access to my machine. Secondly, you
> have yet to prove that this added level of inconvenience is worth it.
>
> Sure, I admit that I could give up my root password and call the
> sysadmins every time I needed to do something esoteric as root, but
> I'm telling you right now I work in a face paced environment and I
> really have to meet deadlines. I don't have time for that.
>
> > If you need security, that's
> > tough cookies. And my personal opinion is, if you're connected to the
> > outside world in any way, then you DO need security.
>
> What do you mean by "connected to the outside world" anyways? I'm
> behind a firewall that is run by the sysadmins. My access to the
> outside world is severely limited by what the sysadmins here do.
>
> > Ultimately, it's up to the company's management to decide what level of
> > security they require. If the desired level is high (as with shops like
> > Raytheon), you simply will have to live with it, or work somewhere else
> > that doesn't care about security.
> >
> > But you can't tell me it can't be done, because there ARE shops that
> > ALREADY work this way, EVERY SINGLE DAY.
>
> No no no. You're the one who made this statement:
>
> : Engineers almost never really need the root
> : password to do their jobs.
>
> ...and I said that I used my root access several times per week. Most
> of the time I do fairly standard sorts of things, but quite often I do
> things that I am *certain* that nobody would have thought to wrap with
> sudo beforehand. I have deadlines to meet; I can't be waiting for
> somebody to answer my trouble ticket so I can perform something as
> root.
>
> Also, you've had two other guys on this list tell you that they used
> their root access all the time to get their work done. I just want to
> suggest you that engineers might need their root passwords a lot more
> often than you might think *and* sudo might not cut the mustard.
>
> > > In my world, the sysadmin staff are busy running the network and
> > > keeping servers up and running.
> >
> > This is either because of bad management or a bad sysadmin team.
>
> I suppose I should mention that when they're not running the network
> or maintaining the servers, they're fixing broken computers, etc.
>
> But I'd wager that most IT departments are understaffed. I don't know
> of any sysadmins that come into work every day just to watch the IT
> department "run itself".
>
> > > The only caveat I should mention is that the sysadmin staff pretty
> > > aggressively says to the engineering staff "don't hose the network".
> > > This means "don't kill the backbone routers" and "don't attach a modem
> > > to your system and comprimise security" and "don't mess with the
> > > firewall".
> >
> > That's great, but it overlooks the fact that most security problems are
> > INTERNAL. Disgruntled employees, company spies, and the like.
>
> Please stop with these vague assertions. Please tell me in concrete
> terms what kind of security problems I'm going to run into if:
>
> o I have root access to my machine.
> o I'm getting work done and making money for the company.
> o My machine is on the regular network, not in some lab.
> o I'm behind a firewall that is supposedly impregnable,
> since, after all, it is run by sysadmins like yourself.
> o I am very careful with my root access. I always use SSH, I
> have no trust relationships with any other system (no .rhosts
> files, etc.), I don't give out my root password to people I
> don't completely trust, I always verify sources before I
> install third-party software.
> o I always lock my machine when I leave, even for 20 seconds.
> o Most of the interesting intellectual property that I deal with
> doesn't even reside on my box, but instead resides upon
> servers that are run by IT (source code, design documents, etc).
>
> Please stop being so vague. Please specifically mention why I
> shouldn't have root access, and how, given my situation
> (above), somebody could make some special exploit based on the fact
> that I have root access to my own box.
>
> > No offense to anyone, but the only thing you all have demonstrated to me
> > is that you have no concept of what data security means and how important
> > it is to your company. Or at least should be. Companies lose MILLIONS
> > over this stuff every year. All because the engineers don't want to be
> > inconvenienced, or because managers don't understand how easy it is to
> > compromize your network, and just exactly how easy it is to get at your
> > data and copy/sell/destroy it.
>
> Look, let's not get into an insult battle here.
>
> However, I want to suggest something here: your worldview doesn't seem
> to jive with my idea of how how real software is developed. I
> *strongly* concur with the statements made by Bob Bell and Jerry
> Feldman -- it seems pretty obvious to me that we're all doing "unit
> test" sorts of things these boxes. These boxes are on the live
> network(*) and I'd wager that none of the three of us has ever caused
> a network or security problem as a result of having root access on
> these boxes. We know what we're doing.
>
> * The network that I send this email on is the same email that I test
> some of my products on. On the occasions that I have to deal with
> network devices that might be unstable, I stick these things into the
> lab. This only makes sense...
>
> I urge you to rexamine your beliefs about not giving engineers root
> access. Your views have merits, but from my viewpoint, they don't
> work out so well.
>
> > Have root on your machine? That should SCARE you. Seriously.
>
> I know what I can do as root and I take the responsibility seriously.
> But, hell no, I'm never scared.
>
> Regards,
>
> --kevin
> --
> Kevin D. Clark | |
> [EMAIL PROTECTED] | [EMAIL PROTECTED] | Give me a decent UNIX
> Enterasys Networks | PGP Key Available | and I can move the world
> Durham, N.H. (USA) | |
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
It is by Caffeine alone that I set my mind in motion-
It is by the beans of Java, that my thoughts acquire speed-
The hands acquire shakes; the shakes become a warning-
It is by Caffeine alone that I set my mind in motion..."
***********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
