On Thursday, October 18, 2001, at 02:27 PM, Wilfredo S�nchez wrote: > On Wednesday, October 17, 2001, at 04:35 PM, Greg Bossert wrote: >> and i can attest that at SGI a lot of work went into tightening the OS >> up as shipped, and in providing scripts to help the admin further >> secure the machine. however, that only goes so far; security of the >> local configuration is a local administration issue. the default >> installed configuration of MacOS X seems to me to be quite reasonable, >> security-wise, relative to UNIX distribution norms. > The default config and common usage case should be safe, but I > disagree that OS X has reasonable out-of-the-box local security.
as i said, i meant "reasonable" only in comparison with the average default configuration for UNIX distributions i've encountered. it's not perfect, but MacoS X could have been much worse, from a design and a default setup viewpoint. and, as i also said, from a practical viewpoint i view any attempt to secure a machine which is physically accessible to random, possibly malicious, folks as, at the very best, a sort of "security through inconvenience" delaying tactic. for the most part the system is safe from innocent accidents (though i am concerned about Randall's original "Recent Items" exploit in this light). in an attempt to bring this back on topic: one approach to some of these issues (including Kee's remarks about trusting GUI apps) is to stay within the more familiar UNIX shell world. which suggests, for example, a Perl interface to NetInfo. is anyone working independently on such, or are we all waiting on Apple? -g -- www.suddensound.com --
