nanog mailing list archives
Re: What could have been done differently?
From: just me <matt () snark net>
Date: Wed, 29 Jan 2003 12:21:50 -0800 (PST)
On Wed, 29 Jan 2003, Scott Francis wrote:

> On Wed, Jan 29, 2003 at 10:47:30AM -0800, matt () snark net said:
> > On Tue, 28 Jan 2003, Scott Francis wrote:
> >
> > > He argued instead that OSes should be redesigned to implement the
> > > principle of least privilege from the ground up, down to the
> > > architecture they run on.
> > >
> > > [...]
> > >
> > > The problem there is the same as with windowsupdate - if one can spoof the
> > > central authority, one instantly gains unrestricted access to not one, but
> > > myriad computers.
> > >
> > > [...]
> > >
> > > So far, the closest thing I've seen to this concept is the ssh
> > > administrative host model: adminhost:~root/.ssh/id_dsa.pub is
> > > copied to every targethost:~root/.ssh/authorized_keys2, such that
> > > commands can be performed network-wide from a single station.
> >
> > Do you even read what you write? How does a host with root access to
> > an entire set of hosts exemplify the least privilege principle?
>
> Your selections from my post managed to obscure the fact that I was making
> more than one point. I did _not_ state that the ssh key mgmt system outlined
> above exemplifies least privilege. I was merely making a comparison between
> that model and the topic under discussion, central
> administrative/authenticating authorities.

So when windowsupdate does it, it's a problem, because they aren't using ssh keys? I'm just confused, as they both seem to represent the same model in your discussion, however one is a "problem" and the other is a suggested practice. Is it because windowsupdate requires explicit action on each client machine to operate? I'm still missing whatever point you were trying to make in your original post.

> Please do not put words into my mouth.

I'm not. I'm simply quoting ones coming from it.

matto

--mghali () snark net------------------------------------------<darwin><
Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in.
#include <disclaim.h>