->> Michael S. Hines wrote:
->>From time to time I note that people are doing routine work at root level.
->>This seems that it would pose a security risk... at least that an
->>accident could product disasterous results.
->>Shouldn't sysadmins have a "regular" account that they use most of the
->>time, and a "root" account that is only used for system administration?
->>This is true on the routers as well as clients and servers, I think.
->Yes, That is the way CTOS works.
->CTOS is a unique (UNISYS) flavor of Unix - for those not familiar.
->It has no privleged requirements to run system services.
->Administrators use a confined level of access to do system work.
->If someone breaks into a service, there is no way for the "hacker"
->to gain system wide privledges - like there are on Root Unix services.
->If an admin wants to have access to "everything" s/he needs to use a
->special "volume" password. I believe, but can not confirm, that there
->are organizations using CTOS pentium boxes as firewalls. However, at
->present (and as far as I know) there is only limited access from a CTOS
->box to the internet, ie.. SMTP, FTP, Telnet (out), X Server. However,
->X windows application programers are working on this issue.
->Rodger Rossman |
->Unisys Network Administrator | R.ROSSMAN/ARSC @
So how is hacking for the "volume" password any different than hacking for
the "root"? Sounds like the same ol' problem.
As for limited access by not having full internet functionality, I suppose
it would be safer by not being able to offer many of the standard services.
On that note... I'm switching my Sun SPARC firewall for a Casio BOSS! ;-)
If SMTP, FTP and telnet are only provided as client side processes I
don't see how X windows will provide a way for others to contact you...
With any security, that is. I suppose you could put up an X server and
let anyone send stuff to it, but this is hardly a replacement for SMTP,
FTP and telnet daemons.
\ Bill Burge burge @
com / Sys Admin, Postmaster, Newsmaster /
\ Developer Research \ Lead System Crasher /
\ Quarterdeck Office Systems / "Still crazy after all these years" /