![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: What could have been done differently?
From: just me <matt () snark net>
Date: Wed, 29 Jan 2003 10:47:30 -0800 (PST)
On Tue, 28 Jan 2003, Scott Francis wrote: He argued instead that OSes should be redesigned to implement the principle of least privilege from the ground up, down to the architecture they run on. [...] The problem there is the same as with windowsupdate - if one can spoof the central authority, one instantly gains unrestricted access to not one, but myriad computers. [...] So far, the closest thing I've seen to this concept is the ssh administrative host model: adminhost:~root/.ssh/id_dsa.pub is copied to every targethost:~root/.ssh/authorized_keys2, such that commands can be performed network-wide from a single station. Do you even read what you write? How does a host with root access to an entire set of hosts exemplify the least privilege principle? matto --mghali () snark net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>
Current thread:
- Re: OT: Re: WANAL (Re: What could have been done differently?), (continued)
- Re: OT: Re: WANAL (Re: What could have been done differently?) Scott Francis (Jan 28)
- RE: What could have been done differently? Vadim Antonov (Jan 28)
- Re: What could have been done differently? bdragon (Jan 29)
- Re: What could have been done differently? Mike Hogsett (Jan 29)
- Re: What could have been done differently? Scott Francis (Jan 28)
- RE: What could have been done differently? Drew Weaver (Jan 28)
- RE: What could have been done differently? Ray Burkholder (Jan 28)
- Re: What could have been done differently? Iljitsch van Beijnum (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- Re: What could have been done differently? Iljitsch van Beijnum (Jan 29)
- Re: What could have been done differently? just me (Jan 29)
- Re: What could have been done differently? Scott Francis (Jan 29)
- Re: What could have been done differently? just me (Jan 29)
- Re: What could have been done differently? Scott Francis (Jan 29)
- Message not available
- Re: What could have been done differently? Scott Francis (Jan 30)
- Re: What could have been done differently? Scott Francis (Jan 28)
- Re: What could have been done differently? Scott Francis (Jan 28)
- Re: What could have been done differently? Brian Wallingford (Jan 28)
- Bell Labs or Microsoft security? Sean Donelan (Jan 29)
- Re: Bell Labs or Microsoft security? Richard A Steenbergen (Jan 29)
- Re: Bell Labs or Microsoft security? Marshall Eubanks (Jan 29)