[55483] in North American Network Operators' Group
Re: What could have been done differently?
daemon@ATHENA.MIT.EDU (Scott Francis)
Wed Jan 29 15:11:33 2003
Date: Wed, 29 Jan 2003 12:08:56 -0800
From: Scott Francis <darkuncle@darkuncle.net>
To: just me <matt@snark.net>
Cc: nanog@merit.edu
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
just me <matt@snark.net>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.33L0.0301291044200.8790-100000@pants.snark.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Jan 29, 2003 at 10:47:30AM -0800, matt@snark.net said:
> On Tue, 28 Jan 2003, Scott Francis wrote:
>
> He argued instead that OSes should be redesigned to implement the
> principle of least privilege from the ground up, down to the
> architecture they run on.
>
> [...]
>
> The problem there is the same as with windowsupdate - if one can spoof the
> central authority, one instantly gains unrestricted access to not one, but
> myriad computers.
>
> [...]
>
> So far, the closest thing I've seen to this concept is the ssh
> administrative host model: adminhost:~root/.ssh/id_dsa.pub is
> copied to every targethost:~root/.ssh/authorized_keys2, such that
> commands can be performed network-wide from a single station.
>
> Do you even read what you write? How does a host with root access to
> an entire set of hosts exemplify the least privilege principle?
Your selections from my post managed to obscure the fact that I was making
more than one point. I did _not_ state that the ssh key mgmt system outlined
above exemplifies least privilege. I was merely making a comparison between
that model and the topic under discussion, central
administrative/authenticating authorities. Additionally, the section higher
up regarding least privilege was in connection with OS design, and was quoted
from another author's presentation at ToorCon last year. You're stringing
together statements on disparate subjects and then jumping to conclusions.
Please do not put words into my mouth.
> matto
>
> --mghali@snark.net------------------------------------------<darwin><
-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui