Path: utzoo!attcan!uunet!husc6!tut.cis.ohio-state.edu!allosaur.cis.ohio-state.edu!bob
From: bob@allosaur.cis.ohio-state.edu (Bob Sutterfield)
Newsgroups: comp.sys.next
Subject: Re: diskless NeXT? (was Re: Announcement vs reality)
Summary: Security isn't solved yet
Keywords: Next
Message-ID: <28506@tut.cis.ohio-state.edu>
Date: 28 Nov 88 17:54:15 GMT
References: <17846@glacier.STANFORD.EDU> <3638@pt.cs.cmu.edu> <28185@tut.cis.ohio-state.edu> <267@aber-cs.UUCP> <269@aber-cs.UUCP> <28493@tut.cis.ohio-state.edu>
Sender: news@tut.cis.ohio-state.edu
Organization: The Ohio State University Dept of Computer & Information Science
Lines: 45

In article <267@aber-cs.UUCP> pcg@cs.aber.ac.uk (Piercarlo Grandi) writes:
>In article <28185@tut.cis.ohio-state.edu> bob@allosaur.cis.ohio-state.edu (Bob Sutterfield) writes:
>>Hopefully there will be a way to ignore suid and sgid bits on
>>filesystems mounted from the optical disk, at the very least.  There
>>are lots of other things to worry about.

Note those last two phrases.  That one detail is only part of a plan
that can be implemented using capabilities that are available to us
right now.  See below...

>...security in a networked environment is obtained by suitable
>protocol emanating from trusted bases, not by network based physical
>restrictions...,

Agreed.

>...and people have expended vast research efforts on these issues.

And they're approaching some potential strategies toward a workable
solution.

>Projects Andrew and Athena have done a lot of good work on network
>security where there are thousands of non-trusted machines around,
>and there are no restrictions on their use. Go and learn about them.

We've looked into the work done at CMU and MIT.  The stuff that Athena
has produced looks promising, and we expect to adopt some of it.
However,
(1) As Steve pointed out, it doesn't solve all the problems yet.
(2) It's not all generally available yet.
(3) Not everything is hooked into it yet (e.g. X, NeWS, NeXT Step).
(4) The most interesting and useful parts require source modifications
    to the software supplied by the various vendors.  We have had
    immense problems getting sources for everything in our stable, and
    so far only HP and Encore have come through with even part of
    their stuff.  Nothing yet from Sun or Pyramid or BBN, though at
    least our Sun source tapes are "in the mail".  NeXT sources may be
    awfully hard to come by.

Faced with the lack of ability to make the vendors' software more
useful in our own environment (because they won't let us), we are
forced to resort for now to more distasteful, "heavy-handed"
strategies.  I'm looking forward to GNU.  Even if RMS doesn't like
security measures, we'll have full sources so we will be able to add
whatever we want to.