From owner-freebsd-questions Thu Nov 1 2:31:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mta05.mail.mel.aone.net.au (mta05.mail.au.uu.net [203.2.192.85]) by hub.freebsd.org (Postfix) with ESMTP id ECE2437B406 for ; Thu, 1 Nov 2001 02:31:37 -0800 (PST) Received: from becca ([63.12.24.4]) by mta05.mail.mel.aone.net.au with SMTP id <20011101103136.DKUD2135.mta05.mail.mel.aone.net.au@becca> for ; Thu, 1 Nov 2001 21:31:36 +1100 Message-ID: <006e01c162bf$8c5d87e0$0b64a8c0@becca> From: "Rob B" To: "FreeBSD Questions" References: <005a01c161ed$a19933c0$1401a8c0@tedm.placo.com> <5.1.0.14.2.20011101165340.02192a40@pop.ozemail.com.au> <005301c162bd$59ac2740$0a00000a@atkielski.com> Subject: Re: Tiny starter configuration for FreeBSD Date: Thu, 1 Nov 2001 21:25:36 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Anthony Atkielski" To: "FreeBSD Questions" Sent: Thursday, November 01, 2001 9:09 PM > Rob writes: > > > Please explain _this_ one? > >The security problems with UNIX > are legion, And the Windows ones are not? >but the two that generally spring to mind instantly are the > all-or-nothing privilege structure of the system (you're either root, and master > of the world, or someone else, and master of nothing), Only partly true. Root is all powerful, but so is any member of the WinNT/2k Administrator group. > and the absence of any > real granularity in access controls (you can control owner, group, and world > permissions, and nothing else). How much more granular do you want? > This sort of lightweight security was fairly common forty years ago when UNIX > was developed, but today it is considered massively insecure. By whom? What is it's replacement? I can set different authentication measures for different applications by using PAM, and I can use Kerberos (which has been on *nix for far longer than on Micros~1 products) to determine permissions > And the big > brother of UNIX had exactly the opposite type of security, i.e., some of the > best that any operating system has ever had. At the time, however, good > security ate up lots of expensive machine resources, and the thought of > strangers banging against a system from computers around the world virtually > never entered anyone's mind. If you are referring to MVS (IIRC this was brought up earlier in this thread), attacks were seen as coming from serial consoles or by rogue programs placed onto the system. None of any of this thread has regarded remote security, only "local" Rob To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message