Re: [9fans] a few Q's regarding cpu/auth server

[Corey <corey@bitworthy.net>]

I imagine this is probably a subject full of landmines, so I don't want to
start a war!  I won't press the issue, just want to respond to this, and
then I'll just leave the status quo well enough alone.

I respect those opinions which differ from my own.

On Wednesday 05 August 2009 23:30:38 John Floren wrote:
> On Wed, Aug 5, 2009 at 11:15 PM, Corey<corey@bitworthy.net> wrote:
> > On Wednesday 05 August 2009 19:42:54 Anthony Sorace wrote:
> >> philosophy. plan9, like research unix before it, recognizes that if
> >> you have physical access to the box, all bets are off anyway.
> >
> > Well, sounds like a flawed philosophy taken too far.
> >
> > Flawed, because all bets are not necessarily off with physical access;
> > and taken too far, because... dang, what harm is there in providing
> > that last means of interference to a hostile?
> >
<snip>
> >> security consists of locking your door.
> >
> > ... which means bootes is just a quick hacksaw or boltcutter or
> > crowbar away... so why even bother with a locked door?
> >

That wasn't a rhetorical question.  Why bother locking your door?

Any intruder worth his weight in salt can circumvent such a simple
security mechanism with ease.


> > Security is ultimately about the price/time/effort/skills a potential
> > attacker (or vandal) is willing (and able) to put forth in order to
> > overcome a system's security measures. A password is amazingly effective
> > for a vast number of the most common circumstances encountered in many
> > typical environments.
>
> I argued this once too, but eventually came around to the Plan 9 way
> of thinking.
>

( I'm going to repeat what I've already written to someone else offlist )

The Plan 9 way of thinking (wrt the security of physical terminal access)
completely undermines, or somehow fails to recognize, the very real fact that
there is always a cost/risk effort/reward equation at play.

Out of X number of would-be intruders, only a small fraction of those would,
under most circumstances, have the balls and the time to dismantle the server
without being noticed; versus all those who would (perhaps even out of sheer
curiosity/mischievousness) love to get quick and easy, unauthorized access to
an open terminal for a quick opportunistic, low-risk "look-see", or to play
around, or to simply outright f*ck sh*t up and bail.

Fact is... I would _rather_ force that rare motivated and prepared intruder
into taking down the box... sheesh, at least I'd be alerted that something
went wrong rather quickly. Versus having some ghost in the shell merrily have
his way with the system for a period of time.

It's weird, it seems so obvious.  Passwords help with security. Anyone who
relies on them too heavily is being foolish; but regardless - they're most
certainly a useful and proven preventative measure to a vast majority of
likely potential situations.


> Once you have physical access to the machine, it's yours
> anyway. Just boot the Plan 9 CD and mount the fossil or any of the
> other possibilities that arise when you are able to physically insert
> bootable media into a system and force it to reboot.
>

This assumes that:

1 - the intruder came prepared with a Plan 9 disk

2 - the machine in question does in fact have a cdrom/floppy attached


So I say again:  whenever you happen to find yourself with physical
access to any given computer, it is _not_necessarily_ yours. There
are a large number of circumstantial situations that are most often
than not likely to make the dismantling of the machine a much higher
risk operation. In all those situations, where a screw driver simply is
not an option - boy oh boy what fun can be had with a wide open
terminal... it's practically begging you to mess around; even if just
for a quick couple of minutes before you bugger off. However, it is
_certainly_ yours if it's a total no-brainer to simply start entering
commands as a privileged user.


> If your Linux system is sitting out, oh no, there's a big scary login
> prompt! First thing I try is rebooting and adding "single" to the end
> of the kernel options. If that doesn't work, I grab a bootable Linux
> CD, boot it, and mount your filesystem. Unless you're encrypting the
> disk (probability: low), it's all mine now.
>

We're talking Plan 9, not *nix.

Anyhow - whatever!  I can only imagine this has already been gone through
before; and it's not going to make me stop using Plan 9 even though I
think it's absurd.  (c8=


Regards!

Corey