From: Steve L. <sl...@ki...> - 2001-05-22 13:56:45
On Mon, 21 May 2001, Gordon Worley wrote:

> How secure is the memory in OS X? As compared to the classic Mac
> OSes? Compared to other Unices?

Good question. I'll ask around.

> Will Apple be opening the source code of the Keychains and such soon
> to peer review? I'd like to see all of their security components
> available as source code so that I could look at them for anything
> suspicious and decide whether I felt they were safe to use. I'm
> probably not the best qualified person to do this, but at least some
> checking is better than none.

Another good question. Cocoa and EOF can arguably be called the crown jewels that don't make sense to open up... but security components really should be open.

> When am I going to get my NeXT style scroll bars back? ;-) No, I'm
> serious; someone please ask them this. I want them back, and I don't
> have the time to figure out how/if I can do this.

This should probably be sent to the Mac OS X feedback email address. I don't know if there is a session I'll be at where I can ask this, but I'll ask one of the engineers tonight.

> Is there a really good reason not to have a root user other than that
> the average consumer might make the mistake of running as root all of
> the time? The way I see it, if someone gets access to anyone in
> staff, they have your password and can sudo to rm -rf / or any other
> badness they want to cause. Plus, millions of boxes have a root user
> out there and do just fine (better) than OS X boxes when it comes to
> security.

Well... I'm biased on this one because it was actually my suggestion to the engineer in charge of this over a year ago to disable root and use sudo. It has everything to do with protecting mom and dad from doing something stupid. Root is very easy to re-enable for those that want it, but in my opinion, you really only need root for catastrophic failure of a system.

I haven't logged in as root for years (even when I was a full time admin for Lucent) (okay, that's actually bullsh*t... I had to log in as root to install WebObjects 5 for some ridiculous reason)

> Of course, I'm interested in any interesting tidbits about security
> that may be picked up there, but I don't want to push anyone who is
> there to go to security sessions for me. If you're interested, go
> and report back anything interesting, but otherwise do what you want
> (yeah, like you'd do anything I'd ask you to anyway ;^)).

I'll be attending mostly WebObjects sessions, but there were definitely a few security sessions I was going to try to make anyway. I'll try to get your questions answered.

later
-steve