How to stop future viruses.
Anders Björnerstedt
anders at suadb.UUCP
Fri Nov 11 22:15:36 AEST 1988
I would like to add:
6. A less blunt use of the set-user-id mechanism.
Sendmail apparently needs to do rights amplification,
but I don't see why it needs superuser rights. The uucp
binaries have their own owner/domain "uucp". Why can't
the binaries related to mail have a similar domain "mail"?
I am sure there are other suid programs which are today
owned by root, but which don't actually need full superuser
privileges.
7. It should be *possible* to physically write-lock filesystems,
including the root file system. The disk write lock could
perhaps be used, but the fact that it is tied to a device
usually creates problems. What is needed is a physical toggle
for a logical concept: secure filesystems. It should be
possible to place stable things like system programs in file
systems marked "secure". The kernel (which would itself be
placed in a secure filesystem) would only allow writes to
a secure filesystem if a physical toggle was in the "open"
position. Normally the toggle would be in the closed position.
The toggle is opened only when changes are really needed and
requires a person to physically do it on-site. Sometimes this
would be perceived as an inconvenience, but for those willing
to pay the price it should be possible.
------------------------------------
Anders Bjornerstedt
Department of Computer & Systems Sciences
University of Stockholm
S-106 91 Stockholm
Sweden
INTERNET: anders at sisu.se OR anders%sisu.se at uunet.uu.net
UUCP:{uunet,mcvax,cernvax}!enea!sics!sisus!anders.
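A defender's check for point 6 above, added here as an example and not part of the original post: a POSIX shell function (hypothetical name audit_setuid) that lists the setuid/setgid binaries under a directory tree and flags those owned by root as candidates for a dedicated owner such as "uucp" or "mail" instead of full superuser rights.

```shell
#!/bin/sh
# Added example, not from the original post. Walk DIR, find every file
# with the set-user-id or set-group-id bit, and report its owner, group
# and mode. A setuid binary owned by root (or a setgid binary with group
# root) gets the verdict REVIEW: it runs with full superuser rights and
# may only need a dedicated owner/domain, as the post suggests.
#
# Usage: audit_setuid DIR
# Output, one line per privileged file:
#   <owner> <group> <mode> <path> <verdict>

audit_setuid() {
    dir=$1
    # POSIX find: -perm -4000 = setuid bit set, -perm -2000 = setgid bit set
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # Parse `ls -ld` for portability (GNU `stat -c` is not everywhere):
        # field 1 = mode string, field 3 = owner, field 4 = group
        set -- $(ls -ld "$f")
        mode=$1 owner=$3 group=$4
        # 4th character of the mode string is the owner execute slot;
        # 's' or 'S' there means the setuid bit is set
        case $mode in
            ???[sS]*) kind=setuid; who=$owner ;;
            *)        kind=setgid; who=$group ;;
        esac
        if [ "$who" = root ]; then
            verdict="REVIEW:$kind-root"
        else
            verdict="ok:$kind-$who"
        fi
        printf '%s %s %s %s %s\n' "$owner" "$group" "$mode" "$f" "$verdict"
    done
}
```

Run it over /usr/bin, /usr/sbin and /usr/lib to get the list of root-owned privileged programs worth reviewing; files on a filesystem mounted nosuid are still reported, since the bit is stored even if it is ignored at exec time.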