From mboxrd@z Thu Jan 1 00:00:00 1970
From: Corey
To: 9fans@9fans.net
Date: Thu, 6 Aug 2009 00:52:54 -0700
User-Agent: KMail/1.11.4 (Linux/2.6.27-gentoo-r8; KDE/4.2.4; i686; ; )
References: <200908051920.10243.corey@bitworthy.net> <200908052315.35723.corey@bitworthy.net> <7d3530220908052330i5a474ed5r27a266c082f1bd4d@mail.gmail.com>
In-Reply-To: <7d3530220908052330i5a474ed5r27a266c082f1bd4d@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200908060052.55018.corey@bitworthy.net>
Subject: Re: [9fans] a few Q's regarding cpu/auth server
Topicbox-Message-UUID: 39e18b44-ead5-11e9-9d60-3106f5b1d025

I imagine this is probably a subject full of landmines, so I don't want to start a war! I won't press the issue, just want to respond to this, and then I'll just leave the status quo well enough alone. I respect those opinions which differ from my own.

On Wednesday 05 August 2009 23:30:38 John Floren wrote:
> On Wed, Aug 5, 2009 at 11:15 PM, Corey wrote:
> > On Wednesday 05 August 2009 19:42:54 Anthony Sorace wrote:
> >> philosophy. plan9, like research unix before it, recognizes that if
> >> you have physical access to the box, all bets are off anyway.
> >
> > Well, sounds like a flawed philosophy taken too far.
> >
> > Flawed, because all bets are not necessarily off with physical access;
> > and taken too far, because... dang, what harm is there in providing
> > that last means of interference to a hostile?
> >
> >> security consists of locking your door.
> >
> > ... which means bootes is just a quick hacksaw or boltcutter or
> > crowbar away... so why even bother with a locked door?
> >

That wasn't a rhetorical question. Why bother locking your door? Any intruder worth his weight in salt can circumvent such a simple security mechanism with ease.
> > Security is ultimately about the price/time/effort/skills a potential
> > attacker (or vandal) is willing (and able) to put forth in order to
> > overcome a system's security measures. A password is amazingly effective
> > for a vast number of the most common circumstances encountered in many
> > typical environments.
>
> I argued this once too, but eventually came around to the Plan 9 way
> of thinking.
>

( I'm going to repeat what I've already written to someone else offlist )

The Plan 9 way of thinking (wrt the security of physical terminal access) completely undermines, or somehow fails to recognize, the very real fact that there is always a cost/risk effort/reward equation at play.

Out of X number of would-be intruders, only a small fraction of those would, under most circumstances, have the balls and the time to dismantle the server without being noticed; versus all those who would (perhaps even out of sheer curiosity/mischievousness) love to get quick and easy, unauthorized access to an open terminal for a quick opportunistic, low-risk "look-see", or to play around, or to simply outright f*ck sh*t up and bail.

Fact is... I would _rather_ force that rare motivated and prepared intruder into taking down the box... sheesh, at least I'd be alerted that something went wrong rather quickly. Versus having some ghost in the shell merrily have his way with the system for a period of time.

It's weird, it seems so obvious. Passwords help with security. Anyone who relies on them too heavily is being foolish; but regardless - they're most certainly a useful and proven preventative measure to a vast majority of likely potential situations.

> Once you have physical access to the machine, it's yours
> anyway. Just boot the Plan 9 CD and mount the fossil or any of the
> other possibilities that arise when you are able to physically insert
> bootable media into a system and force it to reboot.
>

This assumes that:

1 - the intruder came prepared with a Plan 9 disk
2 - the machine in question does in fact have a cdrom/floppy attached

So I say again: whenever you happen to find yourself with physical access to any given computer, it is _not_necessarily_ yours. There are a large number of circumstantial situations that are more often than not likely to make the dismantling of the machine a much higher risk operation.

In all those situations, where a screwdriver simply is not an option - boy oh boy what fun can be had with a wide open terminal... it's practically begging you to mess around; even if just for a quick couple of minutes before you bugger off.

However, it is _certainly_ yours if it's a total no-brainer to simply start entering commands as a privileged user.

> If your Linux system is sitting out, oh no, there's a big scary login
> prompt! First thing I try is rebooting and adding "single" to the end
> of the kernel options. If that doesn't work, I grab a bootable Linux
> CD, boot it, and mount your filesystem. Unless you're encrypting the
> disk (probability: low), it's all mine now.
>

We're talking Plan 9, not *nix.

Anyhow - whatever! I can only imagine this has already been gone through before; and it's not going to make me stop using Plan 9 even though I think it's absurd. (c8=

Regards!

Corey