Lo and behold, Allanah Myles once said:

> The traditional argument is that "with the way things
> currently are, it may be nearly impossible to redesign
> services to not require privileges." Well, then, if
> you want a secure system, be prepared to build one---from
> scratch, if need be. Perhaps even the existing notion of
> UNIX-based privileges is insufficient for any real
> security - design a better model, and implement it.

Other people have argued this point far better than I'm willing to in a short mail message, so I'll just point out a pretty good reference. This is mostly in the arena of research, not available products, so if you're looking for a quick fix, hit "delete" now. :)

TIS (now "TIS labs at Network Associates" if we want to be formal. :-) has a great paper entitled "Confining Root Programs with Domain Type Enforcement". One major premise of the paper is that your root programs are likely to experience problems and compromises, so the best way to get around that is by reducing the spread of what those "root" programs can do. Similar arguments have been made for years on the least privilege front, so I'll leave that side of things alone.

http://www.tis.com/research/secure/compsys.html

-Dave

--
angioat_private <-- play
danderseat_private <-- work
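A toy model of the DTE idea the message points at, added here as an illustration rather than code from the TIS paper or its authors: processes run in a domain, files carry a type, and a policy table decides what each domain may do to each type, with uid 0 getting no special treatment. The domain, type and path names below are constructed.

```python
from typing import Optional

# Constructed DTE policy: domain -> {file type -> allowed access modes}.
# A process's domain, not its uid, is what the check consults.
DTE_POLICY = {
    "daemon_d": {"log_t": {"r", "w"}, "spool_t": {"r", "w"}, "lib_t": {"r", "x"}},
    "admin_d":  {"log_t": {"r"}, "system_t": {"r", "w"}, "lib_t": {"r", "x"},
                 "sbin_t": {"r", "x"}},
    "user_d":   {"home_t": {"r", "w", "x"}, "lib_t": {"r", "x"}, "sbin_t": {"r", "x"}},
}

# Domain transitions: exec'ing a file of the given type from the source
# domain moves the process into the target domain. Nothing else changes it.
DTE_TRANSITIONS = {
    ("user_d", "sbin_t"): "admin_d",
}

# Constructed labelling; a real DTE kernel derives types from path rules.
FILE_TYPES = {
    "/etc/passwd": "system_t",
    "/var/log/daemon.log": "log_t",
    "/var/spool/job1": "spool_t",
    "/lib/libc.so": "lib_t",
    "/usr/sbin/admintool": "sbin_t",
    "/home/alice/notes": "home_t",
}


def check_access(domain: str, path: str, mode: str, uid: int = 0) -> bool:
    """True iff the policy lets `domain` use `mode` on `path`.
    `uid` is accepted only to make the point: it is never consulted."""
    ftype = FILE_TYPES.get(path)
    if ftype is None:
        return False  # unlabelled object: default deny
    return mode in DTE_POLICY.get(domain, {}).get(ftype, set())


def exec_transition(domain: str, path: str) -> Optional[str]:
    """Domain a process lands in after exec'ing `path` from `domain`,
    or None if the exec itself is denied. A transition needs both an
    'x' grant on the file's type and a matching transition rule."""
    ftype = FILE_TYPES.get(path)
    if ftype is None or not check_access(domain, path, "x"):
        return None
    return DTE_TRANSITIONS.get((domain, ftype), domain)  # no rule: stay put


if __name__ == "__main__":
    # A compromised root daemon confined to daemon_d: logs yes, passwd no,
    # and no path into admin_d because sbin_t is not executable for it.
    print(check_access("daemon_d", "/var/log/daemon.log", "w", uid=0))  # True
    print(check_access("daemon_d", "/etc/passwd", "w", uid=0))          # False
    print(exec_transition("daemon_d", "/usr/sbin/admintool"))            # None
    print(exec_transition("user_d", "/usr/sbin/admintool"))              # admin_d
```

The last two calls show the contrast the paper's premise rests on: the daemon, root or not, cannot reach system_t or the admin entry point, while an ordinary user reaches admin_d only through the one listed entry point.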
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:11 PDT