On 17 Apr, Alan Curry wrote:
+-----
| I always wonder what the procedure is for upgrading the kernel on these
| hyper-secure machines. Whoever has permission to do that can do anything he
| wants.
|
| "Root is God" is not just unix tradition, it's an inevitable reality. And if
| what they want is a system on which administration must be done at the
| console, take windoze... please. We don't want it.
+--->8
Sorry, but the console is indeed it. Ultimately, if you're running a
proper secure system, you wind up with physical security being the
final control --- so the parts with the greatest security risks, such
as upgrading kernels, require physical access.
As nice as remote administration is, it's going to be less secure than
physical access security. There's just no way around it with current
network security mechanisms, and there may never be a way around it
barring some fundamental breakthroughs in network authentication and
access control.
We're not talking about securing against hackers here; we're talking
*spook* security --- the stuff the Orange Book security levels were
intended to implement (in stages). It's different from security as you
think of it not merely in amount, but in *kind*.
-- brandon s. allbery os/2,linux,solaris,perl allbery@kf8nh.apk.net system administrator kthkrb,heimdal,gnome,rt allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering kf8nh We are Linux. Resistance is an indication that you missed the point.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:12 EST