> I'm happy that root is just a name for uid 0, but what about
> processes that need to be started at boot time? Will it be
> possible to run these at boot time without an entry for root in
> the password file, and without the setuid bits on executable

Actually, the term "root" is getting overloaded in this discussion.
It has two fundamental properties of interest here: 1) it has uid 0
which is really necessary in most Unix systems, and 2) it can override
lots of access protections on the system. We left in 1) and
constrained 2) using our type enforcement mechanism. Some standard
Unix systems try to get a similar effect with chroot, with varying
degrees of success.
> If it is, then this seems like a fine security measure for a
> bastion host.

I think the industry has proven there's a huge market for host systems
with limited security. So we at least need to make strong firewalls.
-- 
Secure Computing Corporation