l4-hurd

Re: Sysadmins


From: olafBuddenhagen
Subject: Re: Sysadmins
Date: Thu, 3 Nov 2005 07:56:02 +0100
User-agent: Mutt/1.5.9i

Hi,

> I am not a security paranoic. But I cannot trust someone when I do
> not know who they are. I am the sysadmin of my computer; I trust myself.
> My brother is the sysadmin of the other computer that I have; I trust
> him. But I do not know who the sysadmin of the computer at my
> university is. How can I know that they will not put backdoors in the
> programs? How can I know that there is no spyware on the computer? I
> _CANNOT_ trust it.
> 
> So, I will only be safe on a system where I am _SURE_ that they have
> at most the same power that I have on the system. I will be safe only
> on a system where they can only configure some small things, like the
> disk quota, CPU quota, boot manager...

Someone who has control of the bootloader can do *anything* to the
system.

This is only one example. There are others. The simple truth is: Either
you trust those controlling the machine, or you can't put your private
data there.

Considering how often, in other areas, you need to trust your life, your
money, whatever, to people you do not know, it shouldn't actually be
very surprising that computers are no exception to this.

> If you are thinking about a device driver framework, I think that the
> user needs the right to load their own drivers.
> 
> Example: I bought a new USB device and there is no driver on the
> system for it. I wrote the driver for it. Why do I need to ask the
> sysadmin to load this driver? I think that the user needs the right to
> load their own drivers. I am sure that this will require many
> mechanisms to make this secure, but this is a good goal, IMHO.

The reason why you can't generally do so is that a great part of all
hardware is designed in such a fashion that anyone having direct access
to it can screw the whole system.

There are exceptions, and different levels of hazard; that's why I
covered the possibility of giving selective permissions in my driver
proposal. But it definitely doesn't work in the general case.

Moreover, often hardware is shared among several users, so it *can't* be
under the control of a single person (other than the admin).

(BTW, this is another example why the admin *must* be trusted.)

-antrik-