The security problems on Grex are a little different than those other systems have to deal with. On most systems, the first layer of security is preventing unauthorized people from logging in to the computer. But the whole point of Grex is to give away free accounts to total strangers. We want unauthorized people to log into our system.

From a security standpoint, this is both a blessing and a curse. On the positive side, we don't have to worry about mysterious people somehow logging into our system, because that happens all the time anyway. Some things that are considered secret on other systems aren't secret here.

For example, on most Unix systems, the login program responds to all errors with the message "Login incorrect". They don't differentiate between a bad login name or a bad password for a perfectly good login name, because they don't want to give hackers any clue about which login names exist. But Grex's login program has been modified to give messages like "Password Incorrect" and "No Such Login". Since anyone can get on our system, the full list of login names is no secret. Making the messages more helpful means staff gets fewer requests for help and the requests we get are less confused.

On the negative side, we don't have that first layer of security that other systems do, and we do still have things we need to keep secure. To understand our approach to security, it is important to first understand what our goals are. We need security for several reasons:

Grex's staff operates with a certain amount of secrecy. Staff meetings, unlike board meetings, are not open to the public. The staff conference is the only closed conference on Grex. This is done for several reasons. First, we sometimes have to discuss the activities of individual users who may be causing problems of the sort described above. We don't want to discuss people's usage in public, particularly if they turn out to be engaged only in innocent activities. Second, there is usually some time lag between the time we discover a security problem and the time we fix it. We'd like to keep the existance of problems secret for that time period, if possible.

In general, however, we do not believe in keeping our security arrangements secret. This is why we have published detailed descriptions of most of our security arrangements on the web. We also maintain a public discussion forum on technical issues related to the operation of Grex in the garage conference. As a general principle, security by obscurity is generally very poor security. People who want to crack your security to steal things are often highly motivated, and secrets will leak out. By publishing our methods, we put nice people who are merely interested in security systems on an equal footing with the bandits. The nice people will probably let us know if they notice any weaknesses. The bandits probably won't. Thus publishing our security arrangements should make them more secure in the long run.

Grex runs SunOS 4.1.4, but has made many modifications to the basic software. Other technical notes give more detailed information about security-related aspects of these modifications to Grex:

Document History:

Mar 30, 1998: Jan Wolter (janc) - Minor updates and corrections.
Nov 19, 1997: Jan Wolter (janc) - Expansion of discussion of secrecy.
Aug 13, 1997: Jan Wolter (janc) - Initial Revision.