[EMAIL PROTECTED] writes:
> For example, if you are root on a fileserver (or in our cell on
> any machine), you can, without any tokens at all, use 'vos dump'
> to dump any volume. You can read the files in the dumped volume
> with no difficulty. If you know what you're doing, you can then
> modify the dump and restore it, overwriting the original volume.
At the risk of repeating what other people already said...
I don't think you correctly understand what is entailed by having root
access to any machine - in this case the file server.
Of course you can access all the files that are physically stored on a
machine that you have root on. You also have access to all of the
traffic going in and out of the machine (you can snoop all packets
going in and out) You could kill the file server process and put up a
"trojan" file server. There are many things that can be done which
are entirely outside of the control of any software vendor. At some
point the software must rely on security (physical and otherwise) of
the critical machines. And if you start giving out the root password
on the file server to your users, it is not the software, but *you*
who are providing a security hole.
Dmitri
