Re: Splitting root's rights (Was: Some applications for securelevel)

Andreas Kostyrka (andreas@medman.ag.or.at)
Fri, 16 Feb 1996 09:13:44 +0100 (MET)


On Thu, 1 Feb 1996, Ulrich Windl wrote:

> > From: Andreas Kostyrka <andreas@medman.ag.or.at>
> > Subject: Re: Some applications for securelevel
> > Date sent: Wed, 31 Jan 1996 19:20:20 +0100 (MET)
>
> > > > > So if you need to recover a damaged system, it's certainly not the case
> > > > > that POSIX.6 privileges would lock you out from that.
> > > > But it makes the recovery much more difficult, especially if we go for a
> > > > clean design, where there isn't any switching of permission policy at
> > > > runtime? And booting from a boot floppy to fix things, that I can do now
> > >
> > > Restoring backups can be as disastrous as wiping out your disk. Maybe
> > > the average system administrator shouldn't be allowed to.
> > I see. So if a disk crashes, it is work for the High Priester^H^H^H^H^H^H^H^H
> > Admin, it doesn't matter that the users have to wait longer to continue
> > working. It doesn't even matter, that perhaps all over the world machines
> > are spooling Email, because the gateway machine can't be restored timely.
> > I see: Perhaps we should enforce a PGP-signed document from an authority
> > for FULL root access. In Germany I'd propose the Verfassungsschutz for this
> > one, and in the USA the NSA could play this part ;) And we should make
> > it rather difficult to remove from the kernel source!
> > Ok, [cynic-mode off]
>
> [Serious mode on]
> If you have a lot of data to back up, it's usual to have incremental
> backups (maybe three levels). If you restore all three levels (because you
> know nothing about the damage), you'll end up with more files than you
> once might have had. Now imagine that you deleted a file to prevent some

How do I end up with more files? *justwondering* Or is this the
super-duper-plus mode of tar, which creates more files? (Incremental
backups also remove files that were removed. If they don't, then
something is broken.) (And besides, the only thing that is regularly
backed up here is my primary home partition, and that I do usually as full
backups, but recently I had to stop this good habit, because
zftape-1.02 breaks with 1.3.59SMP+m6 :(()

Andreas

--
Andreas Kostyrka
Email: andreas@medman.ag.or.at
Fax: +43/1/7070750 Tel: +43/1/7077571, +43/664/3020166 (cellular)
Copyright 1996 Andreas Kostyrka.  Microsoft Network is prohibited from
redistributing this work in any form, in whole or in part.
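
The question argued in this exchange, whether restoring every incremental level can bring back files that had been deleted, modelled as an added example (not part of the original post). The archive layout, the `track_deletions` switch and the sample paths are constructed for illustration and do not represent tar or any other real tool.

```python
# Constructed model of level-based incremental backups; not any real tool's format.

def take_backup(fs, mtimes, since, track_deletions):
    """Archive files changed after `since`; optionally record the full listing."""
    archive = {"files": {p: fs[p] for p in fs if mtimes[p] > since}}
    if track_deletions:
        archive["listing"] = set(fs)  # every path present at backup time
    return archive

def restore(archives):
    """Replay archives oldest-first onto an empty tree."""
    tree = {}
    for archive in archives:
        tree.update(archive["files"])
        if "listing" in archive:
            # Drop anything the listing says no longer existed at that point.
            for path in set(tree) - archive["listing"]:
                del tree[path]
    return tree

def scenario(track_deletions):
    """Three backup levels over three days; returns (live_fs, restored_fs)."""
    fs, mtimes, archives = {}, {}, []

    def write(path, data, day):
        fs[path], mtimes[path] = data, day

    # Day 1: level 0 (full). Paths and contents are constructed sample data.
    write("/home/a/notes", "v1", 1)
    write("/home/a/old-script", "unwanted", 1)
    archives.append(take_backup(fs, mtimes, 0, track_deletions))
    # Day 2: level 1 picks up the edited file only.
    write("/home/a/notes", "v2", 2)
    archives.append(take_backup(fs, mtimes, 1, track_deletions))
    # Day 3: a file is deleted and another created; level 2.
    del fs["/home/a/old-script"], mtimes["/home/a/old-script"]
    write("/home/a/todo", "new", 3)
    archives.append(take_backup(fs, mtimes, 2, track_deletions))
    return dict(fs), restore(archives)

if __name__ == "__main__":
    for flag in (False, True):
        live, restored = scenario(flag)
        print("track_deletions=%s extra files after restore: %s"
              % (flag, sorted(set(restored) - set(live))))
```

In this model the restored tree matches the live one only when each archive carries a listing of what existed at backup time; without it, the file deleted on day 3 comes back from the level 0 archive.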