Re: What could have been done differently?

[just me <matt () snark net>]

On Tue, 28 Jan 2003, Scott Francis wrote:


  He argued instead that OSes should be redesigned to implement the
  principle of least privilege from the ground up, down to the
  architecture they run on.

[...]

  The problem there is the same as with windowsupdate - if one can spoof the
  central authority, one instantly gains unrestricted access to not one, but
  myriad computers.

[...]

  So far, the closest thing I've seen to this concept is the ssh
  administrative host model: adminhost:~root/.ssh/id_dsa.pub is
  copied to every targethost:~root/.ssh/authorized_keys2, such that
  commands can be performed network-wide from a single station.


Do you even read what you write? How does a host with root access to
an entire set of hosts exemplify the least privilege principle?

matto

--mghali () snark net------------------------------------------<darwin><
   Flowers on the razor wire/I know you're here/We are few/And far
   between/I was thinking about her skin/Love is a many splintered
   thing/Don't be afraid now/Just walk on in. #include <disclaim.h>