devfs

Re: Default: unsecure

To: Robert Siemer <Robert.Siemer@xxxxxx>
Subject: Re: Default: unsecure
From: Richard Gooch <rgooch@xxxxxxxxxxxxxxx>
Date: Thu, 20 Sep 2001 11:02:21 -0600
Cc: devfs@xxxxxxxxxxx
In-reply-to: <20010920184715A.siemer@xxxxxxxxxxxxxxxxxx>
References: <20010920170320N.siemer@xxxxxxxxxxxxxxxxxx> <200109201531.f8KFVbP02796@xxxxxxxxxxxxxxxxxxxxxxxx> <20010920184715A.siemer@xxxxxxxxxxxxxxxxxx>
Sender: owner-devfs@xxxxxxxxxxx

Robert Siemer writes:
> From: Richard Gooch <rgooch@xxxxxxxxxxxxxxx>
> > Robert Siemer writes:
> 
> > > Is there any reason to let the default permissions so unrestrictive??
> > > E.g. line printer and scsi tape are world read-/writeable by default!
> > 
> > Of course. Convenience.
> > 
> > > Here you need to change them anyway, so it would be very reasonable
> > > to start with root.root 600.
> > 
> > What do you mean "here you need to change them anyway"?
> 
> Okay, in an insecure scenario you don't need to change permissions...
> (-:

I don't think r/w access to a tape device really qualifies as
"insecure".

> > > Okay, it's not the fault of devfs core, but why are drivers
> > > registering their nodes this way?
> > 
> > Convenience. Is there a real problem with the relaxed default? On
> > most Unix systems I've used, the tape devices are rw-rw-rw-.
> 
> Most Unix systems I've used had root exploits which you can get from
> securityfocus.com. (-:  That's not the point.

Not from r/w access to a tape device.

> On a one user machine: log in as root... [-:

I'm thinking more about public workstations in a research lab.

> > The sysadmin does not want to be bothered by user requests "can you
> > please give me access to the tape drive so I can back up my data?".
> 
> Backup should be the task of the admin!

Not if you have lots and lots of data. The admins back up home areas
and software, but data is left to the users, who know what is worth
backing up and what is not.

> Why should I and all the other "real" sysadmins be _bothered_ by
> insecure defaults? It's already hard enough to double check every
> step to _stay_ in a secure system...

Why should I and all the other real sysadmins who have hundreds of
users be *bothered* with giving tape access every time it's asked for?

> Further I've never seen a user backing up their data... <-:

You'd be surprised.

In any case, I don't want to argue about this. We have different
perspectives. Let's agree to disagree.

                                Regards,

                                        Richard....
Permanent: rgooch@xxxxxxxxxxxxx
Current:   rgooch@xxxxxxxxxxxxxxx
