Path: utzoo!utgpu!watmath!iuvax!mailrus!tut.cis.ohio-state.edu!oz.cis.ohio-state.edu!jgreely
From: jgreely@oz.cis.ohio-state.edu (J Greely)
Newsgroups: comp.sys.next
Subject: Re: Student's view of NeXT marketing pl
Message-ID: 
Date: 12 Aug 89 02:01:05 GMT
References: <4866@tank.uchicago.edu> <116900006@p.cs.uiuc.edu>
Reply-To: J Greely 
Organization: Ohio State University Computer and Information Science
Lines: 27
In-reply-to: gillies@p.cs.uiuc.edu's message of 10 Aug 89 14:15:00 GMT

In article <116900006@p.cs.uiuc.edu> gillies@p.cs.uiuc.edu writes:
>Actually, I've been thinking a little bit about NeXT security.

There are times it's kept me awake nights...

>If your site can guarantee that nobody boots a rogue disk from another
>college, then you should be secure.

Uhh, I can't guarantee that no one boots a disk from another
*department*.  And, frankly, until 1.0 comes out, it doesn't matter
where their disk comes from.  Under 0.9, possession of a bootable OD
is equivalent to root access on any NeXT you can physically reach.
This is fixed in 1.0 ("real soon now").

>The basic security measure is the optical disk, WHICH CANNOT BE READ
>OR WRITTEN BY ANY OTHER COMPUTER OR DISK DRIVE.

The basic security *problem* is the OD.  Cheap, portable disks large
enough to hold a bootable Unix.  And don't rely on the obscurity of
the media to protect you.  That's fuzzy thinking, considering how fast
CDs have taken over the audio market.

>Now if NeXT would only provide a way to maintain this security.

"Fixed in 1.0".
-=-
J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)