Path: utzoo!utgpu!watmath!iuvax!mailrus!tut.cis.ohio-state.edu!oz.cis.ohio-state.edu!jgreely From: jgreely@oz.cis.ohio-state.edu (J Greely) Newsgroups: comp.sys.next Subject: Re: Student's view of NeXT marketing pl Message-ID:Date: 12 Aug 89 02:01:05 GMT References: <4866@tank.uchicago.edu> <116900006@p.cs.uiuc.edu> Reply-To: J Greely Organization: Ohio State University Computer and Information Science Lines: 27 In-reply-to: gillies@p.cs.uiuc.edu's message of 10 Aug 89 14:15:00 GMT In article <116900006@p.cs.uiuc.edu> gillies@p.cs.uiuc.edu writes: >Actually, I've been thinking a little bit about NeXT security. There are times it's kept me awake nights... >If your site can guarantee that nobody boots a rogue disk from another >college, then you should be secure. Uhh, I can't guarantee that no one boots a disk from another *department*. And, frankly, until 1.0 comes out, it doesn't matter where their disk comes from. Under 0.9, possession of a bootable OD is equivalent to root access on any NeXT you can physically reach. This is fixed in 1.0 ("real soon now"). >The basic security measure is the optical disk, WHICH CANNOT BE READ >OR WRITTEN BY ANY OTHER COMPUTER OR DISK DRIVE. The basic security *problem* is the OD. Cheap, portable disks large enough to hold a bootable Unix. And don't rely on the obscurity of the media to protect you. That's fuzzy thinking, considering how fast CDs have taken over the audio market. >Now if NeXT would only provide a way to maintain this security. "Fixed in 1.0". -=- J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)