[229] in resnet
Re: remote access to public workstations at night
daemon@ATHENA.MIT.EDU (Gilbert Leung)
Sun Mar 6 21:32:42 1994
To: resnet@MIT.EDU
Date: Sun, 06 Mar 94 21:32:00 EST
From: Gilbert Leung <gleung@MIT.EDU>
As I said, you could change the login screen on the public machine as soon
as it is being used by a remote user, so that other people physical at the
cluster can't login. I'm still thinking about a 1-user-1-machine scheme
but one that allows the remote user to have complete access (including
running all X programs, etc.) on the workstation, only remotely.
yes, hackers can still hack the login stuff as far as security issues are
concerned. But, in terms of hacking, this does not make it any easier to
hack public machines than now. The insecurity spawns from the fact that
the root password is widely available. Having root password available on a
public machine is neat, but not necessary. And it also creates a loophole
for someone to have complete access to someone else's locker. Yes. Even
now! There are not that many things worse than this. So, if you are
concerned about security, all the root passwords on the public machines
have be kept secret.
What I suggested in my previous mail didn't make public athena workstations
more insecure. It simply makes it more convenient for hackers (I'm using
the malicious sense of "hack" here) to hack workstations as they could do
it remotely. But on the other hand, this also convenience all the
non-hackers out there who prefer working late at night in their own room
rather than walking from their dorm to main campus... I suppose this is
part of the original intent of resnet.
Also, there are clusters like m1-115, barker-5, barker-6, that are not used
at night at all. Also, clusters that are not close to any dorm, e.g.
m16-034, m4 are usually quite free at night.
Gilbert
