On Mon, 13 Nov 2006 17:28:47 +0100, R.S. <[EMAIL PROTECTED]> wrote: >... >As you wrote it's because auditors want it. I understand your point, >however I'm curious whether there's any real reason. >
I strongly agree with John on this. Even if no auditors were involved, giving a person UID(0)is giving far too much authority than is needed. To do that is to give the person a gun and paint a target on his or her foot (or on the whole shop's collective foot). Requiring setting SU in TSO or doing a setuid(0) or seteuid(0) in batch hopefully puts the user in "be careful" mode. >... >My suggestion is to avoid using BPXPRM SUPERUSER as "generic UID(0) for >STC". Assuming some hacker will get UID(0) the system will assign him >the "SUPERUSER" userid. That's why it is good to define it as much as >restricted. >... Good heavens. I don't think there was any suggestion to have the default userid have BPXPRM.SUPERUSER access. The default id should have as little autoroty as possible. The "generic UID(0)for STC" would hopefully not be useable by a person - would not have a password. I'm way out of my area of expertese here, but I think all the major security products have that capability. I think we need to repeat John's "no person with UID(0)" plea often and loudly because we have to counteract those Program Directories (and non-IBM equivalents) that still say UID(0) is required. Many product still have installation instructions claiming this because the packagers are to lazy to determine their true needs. And don't care that they are are advocating a security and integrity exposure. Pat O'Keefe ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
