[55468] in North American Network Operators' Group


Re: What could have been done differently?

daemon@ATHENA.MIT.EDU (just me)
Wed Jan 29 13:53:45 2003

Date: Wed, 29 Jan 2003 10:47:30 -0800 (PST)
From: just me <matt@snark.net>
To: Scott Francis <darkuncle@darkuncle.net>
Cc: <nanog@merit.edu>
In-Reply-To: <20030129043340.GE80965@darkuncle.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 28 Jan 2003, Scott Francis wrote:


  He argued instead that OSes should be redesigned to implement the
  principle of least privilege from the ground up, down to the
  architecture they run on.

[...]

  The problem there is the same as with windowsupdate - if one can spoof the
  central authority, one instantly gains unrestricted access to not one, but
  myriad computers.

[...]

  So far, the closest thing I've seen to this concept is the ssh
  administrative host model: adminhost:~root/.ssh/id_dsa.pub is
  copied to every targethost:~root/.ssh/authorized_keys2, such that
  commands can be performed network-wide from a single station.


Do you even read what you write? How does a host with root access to
an entire set of hosts exemplify the least privilege principle?

matto

--mghali@snark.net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>

