Slashdot Mirror
TrustedBSD Interview in Boardwatch
Anonymous Coward writes "The September edition of Boardwatch magazine includes an in-depth interview with Robert Watson, a TrustedBSD
developer."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
That's what trusted systems are designed to address. Think about it: why should your sysadmin be able to read, say, the payroll? Under a conventional Unix, there's nothing to stop that hapenning, apart from trust, and you can't rely on trust in a huge organization where many technical roles may be fulfilled by contractors or outsourced.
I believe that B2 certification requires that the sysadmin can be prevented from reading your files, apart from to backup and restore them - and even after a restore, the access control will be preserved.
If you knew anything about American politics, you'd know that power is split up into three branches - Judiciary, Legislative & Excecutive. The prez is the Executive branch and can't do much without the approval of the other two. Likewise for the others.
If *nix had a similar system of checks and balances perhaps it would be a bit more secure.
Having a single root is like having a dictatorship. It could be good if the dictator is good, but if it ends up corrupted the rest of the system is screwed.
--
``Rather than having just a single ?root? user, limited administration capability can be broken up among a number of administrative accounts - ensuring that even an administrator account compromise is non-fatal.
Nice!!! IMHO having a single root is the biggest flaw of *nix operating systems. It'll be interesting to see how all of the critical privileges will be split up in order to minimize the damage of a break-in.
--
TrustedBSD is not a fork in the traditional sense. It is a stream of parallel development and nearly all the patches will eventually be incorporated into FreeBSD when they are proven reliable.
- 1. Most attacks come from within.
- 2. Most network connected computers are not usually as secure as the server.
- 3. The users of any "secure" system MUST be taught security. (anti-social engineering, good data integrity practices, etc.)
While many companies and institutions concentrate on building more secure "machines", they spend almost no money on training their employees. Call up the help desk of your favorite fortune 500 company, claim your Mr. X use an on-line company directory to get someones name that is HIGH up. A board member is always good. Bitch about not being able to get your mail, while you may not get a passwd, you WILL get the IP address of the POP3 server, what the mail client is used.Security can only start after every one is trained to be secure.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Here's something to think about: How should software installation work in a secure system? The installation process for untrusted applications needs to be untrusted; it shouldn't be possible to break anything or install a security hole when installing an untrusted application. Package management needs to accept more restrictions; running installs as root is out. Fixing this requires a lot of grunt work and some cleverness. In particular, shared component management in a secure environment is a lot more complex. Worth fixing, though; that's one of the giant pains of OS use today.