Date:      Sat, 23 Sep 2000 11:03:04 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        "David G. Andersen" <dga@pobox.com>
Cc:        Cy.Schubert@uumail.gov.bc.ca, green@FreeBSD.ORG (Brian F. Feldman), ahd@kew.com (Drew Derbyshire), freebsd-security@FreeBSD.ORG
Subject:   Re: rsh/rlogin (was Re: sysinstall DOESN'T ASK, dangerous  defaults!)
Message-ID:  <200009231803.e8NI3rV65692@cwsys.cwsent.com>
In-Reply-To: Your message of "Sat, 23 Sep 2000 11:12:04 MDT." <200009231712.LAA11575@faith.cs.utah.edu> 

In message <200009231712.LAA11575@faith.cs.utah.edu>, "David G. Andersen" writes:
> Lo and behold, Cy Schubert once said:
> > 
> > More on capabilities.  To do capabilities right apps like su, sudo, and
> > ksu would need to be replaced by an admin application that would only
> > allow the admin to manage the system, nothing more.  I suppose one could
> > have an su application that would have all the capabilities in the world
> > but then again what would be the point?  It would be a gaping security
> > hole just waiting to be exploited.
> 
>   Boggle.  You yourself state later:

I'll give you the benefit of the doubt and agree I am somewhat 
undecided (confused) about what form the tools will look like.  No one 
from the capabilities camp has shared their ideas about tools yet.

If you're saying I've embarrassed myself, I think not.  I thought I
was opening up the discussion.

> 
> > application that would be a gaping hole.  Even though many of the risks
> > posed by setuid applications would be mitigated.
> 
>   There you go.  Even if you still have the
> "administrator-as-god-after-authentication" routine (which, I think, is to
> some degree an intractable problem), capabilities still take you vastly
> farther down the road of least privilege than ordinary *nix all-or-none
> style permissions.
> 
>   Without least-privilege administration tools, a capability-based system
> isn't complete -- but it's still MUCH, MUCH better than what we have
> now!  Don't torpedo a good thing because it's not perfect.  It never will
> be;  a system where I can 'chmod a-s /usr/sbin/sendmail' makes me a lot
> happier already.

In other words you agree with me after all.  I have not seen any 
discussion about what the administration tools in a capabilities 
environment will look like and how will I as a manager be able to 
delegate responsibility and restrict access to certain functions to 
certain members of my team or to other individuals in an organisation.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




