Path: utzoo!utgpu!watmath!clyde!att!rutgers!tut.cis.ohio-state.edu!stegosaur.cis.ohio-state.edu!romig
From: romig@stegosaur.cis.ohio-state.edu (Steven M. Romig)
Newsgroups: comp.sys.next
Subject: Re: diskless NeXT? (was Re: Announcement vs reality)
Keywords: Next
Message-ID: <28659@tut.cis.ohio-state.edu>
Date: 29 Nov 88 21:16:29 GMT
References: <17846@glacier.STANFORD.EDU> <3638@pt.cs.cmu.edu> <28185@tut.cis.ohio-state.edu> <267@aber-cs.UUCP> <28493@tut.cis.ohio-state.edu> <13977@cisunx.UUCP>
Sender: news@tut.cis.ohio-state.edu
Distribution: eunet,world
Organization: The Ohio State University Dept of Computer and Information Science
Lines: 42

cmf@cisunx.UUCP (Carl M. Fongheiser) writes:
> Why do you need root access to get people's passwords?  It hardly even
> makes it easier! 

Good point.  I wasn't very clear about what I meant in my note.  I
don't care so much about the passwords themselves - I'm more concerned
about the system software.

There are two cases - either you have a local disk of some sort, or
you boot diskless (with the possibility that you may boot remotely,
but swap to a local disk).  In the case of a local disk of some sort,
I expect that someone can and possibly will become root and muck about
with the system software.  Random users cannot detect (and thereby
fix) that, and may get screwed by it (ala Trojan horses and so on).
As a system administrator, I can't prevent this, since they wouldn't
have to deal with a Kerberos authentication server on the net to do
their damage.  Basically, by booting from a local disk, I put the
system software into the users hands.  A user has no "guarantee" that
he can boot this workstation and use the "correct" system software.

In the case of a diskless workstation, I've got to deal with network
services to boot and mount file systems and all that - I have a flying
chance of maintaining some semblance of security using something like
Kerberos.  Someone may still choose to bring an optical disk and boot
off of that, but they can probably be prevented from futzing with the
system software across the network.  That means that the next user to
come along can boot the workstation and can be "guaranteed" to have a
correct copy of the system to work with.

Neither of these says anything about someone taking advantage of
security holes to become root and futz with the system software, of
course.  That's a different problem.

The point isn't that people can spoof other folks out of their
passwords - of course they can, even without root access.  The point I
was making is that using local disks puts the software in the hands of
the user.  Some people may choose to do that - I would rather not, but
I won't have any choice about it if NeXT doesn't support diskless
workstations.

--- Steve Romig				romig@cis.ohio-state.edu
    CIS Dept., The Ohio State University