Re: Changing from L4 to something else...

[Jonathan S. Shapiro]

On Sun, 2005-10-30 at 19:53 +0000, Neal H. Walfield wrote:
> At Sun, 30 Oct 2005 18:58:54 +0100,
> Bas Wijnen wrote:
> > On Sat, Oct 29, 2005 at 04:10:19AM +0200, Yoshinori K. Okuji wrote:
> > > On Friday 28 October 2005 07:10 pm, Jonathan Shapiro wrote:
> > > > It is a curious thing that people simultaneously want safety from the 
> > > > admin
> > > > and help from them. Sometimes you have to pick one or the other.
> > > 
> > > You are right. Fortunately or unfortunately, this is the truth. So I 
> > > repeatedly claim that balancing is the key point in making decisions.
> > 
> > Still, telling people "I am the owner of this computer, you can use it, and 
> > I
> > am not technically able to spy on you or change your things, except if you
> > give me your password" should be understandable for "normal" people.  When
> > they know this, they will also know that asking the the owner to change 
> > their
> > data without remembering their password will result in a negative response.
> > They may not like that, but I think they consider it a good idea to be
> > protected from the sysadmin.  And if they don't, nothing stops them from
> > installing a back door for him.  That is, this can be realised on a per-user
> > basis.  That sounds like a good idea to me. :-)
> 
> I don't buy this argument.  It seems pretty easy to me to implement
> su.

Not if the system is designed well.

shap