Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site decwrl.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!zehntel!dual!decwrl!dec-rhea!dec-jaws!kaiser
From: kaiser@jaws.DEC (Pete Kaiser 225-5441 HLO2-1/N10)
Newsgroups: net.unix-wizards
Subject: Security
Message-ID: <182@decwrl.UUCP>
Date: Sun, 9-Dec-84 01:38:20 EST
Article-I.D.: decwrl.182
Posted: Sun Dec 9 01:38:20 1984
Date-Received: Mon, 10-Dec-84 03:28:28 EST
Sender: daemon@decwrl.UUCP
Organization: DEC Engineering Network
Lines: 39

I know of no widely-used OS whose security scheme doesn't ultimately rest in the hands of at least one trusted administrator. If that administrator isn't trustworthy, the system can be structurally wonderful and it won't mean a thing.

Several years ago I worked as a consultant for a quasi-governmental agency whose computer services were provided by a computer center that was nominally a consortium administered by a committee of the technical heads of the agencies that owned it. In fact the system manager of the computer center had the whole bunch completely intimidated with his technical knowledge, and they left matters entirely in his hands. This wasn't clear to me yet at the time the technical head of my agency asked me to write an "appreciation" of the quality of service the agency was getting. It was poor. The reasons were many and easily documented, and I did it; after all, the chief told me in these words "not to pull [my] punches." When he got my report he promptly gave a copy, complete with my signature, to the computer center. But I didn't know that.

There came a time, though, when I was having just too much trouble getting my technical work done, because response time was so poor. There were times when I'd press a key and for minutes nothing would happen. But when I would talk with other programmers, they felt that response time was no worse than what they had come to expect.
So I began noting down instances and times, and eventually turned this information into a memo to my employers. They took the matter up with the computer center.

Events at this point went amok, and when the dust settled a little, I learned that the computer center's manager had been monitoring everything I did on the computer. He had done this by installing a patch in the operating system which monitored every login, and when it was me, journalled everything to a tape drive he reserved for the purpose. Those minutes-long pauses in response time had been at times when contention elsewhere in the system locked out the tape drive -- and therefore my process as well.

Last I heard, he was still on the job. I left ... and on my own steam.

---Pete

Kaiser%JAWS.DEC@decwrl.arpa, Kaiser%BELKER.DEC@decwrl.arpa
{allegra|decvax|ihnp4|ucbvax}!decwrl!dec-rhea!dec-jaws!kaiser
DEC, 77 Reed Road (HLO2-1/N10), Hudson MA 01749 617/568-5441