Firewall Wizards mailing list archives

Re: High ranking lusers


From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 16 Apr 1998 18:27:18 -0500

Anonymous penned a Dilbertesque vignette:

Little Boss:  The Big Boss wants a shell script to be setuid root.

This one sentence says it all, the rest just fills in the other panels of
the comic strip.

We have here a failure to divide up responsibilities properly within the
company. It's bad business if a manager is responsible for system integrity
and also has business objectives that he can achieve by putting holes in
the system. This is like putting the same person in charge of both accounts
receivable and accounts payable, except the guy doesn't make money off of
it. Now, if Big Boss' fiefdom is the sole user of the computer in question,
then Big Boss is certainly within his rights to dig his own grave. On the
other hand, if this computer is shared by other departments (finance, HR,
operations, business development, etc) then he's indulging in truly bad
karma at a corporate level.

Ultimately, people are always allowed to do dumb things as long as the
company makes lots and lots of money off of it. Look at analog cell phone
security.

Rick.
smith () securecomputing com



