Non-student users get full access to Athena
By Ronald Becker
Two high school students compromised the security of Project Athena last month when they gained access to Athena and created accounts for themselves.
An Athena systems operator had apparently provided them with a superuser password. The operator has since been fired.
A superuser password allows the superuser unrestricted access to everything on the computer, including system files and programs to which ordinary users are denied access. This access allows the superuser to erase entire disks at will as well as build accounts. Only a few Athena users know the passwords. These users include students as well as staff.
The operator was a full-time non-student employee, employed on a temporary basis, according to Eva Tervo, Coordinator of Athena Operations. He was used to smaller systems, with fewer users -- he did not fully understand the ramifications of his action, she explained.
The operator was fired because "too many people are involved [with Athena]. ... We cannot afford to have people working that we can't trust," Tervo said.
Tervo would not divulge the name of the operator, because she did not want this incident to follow him later in life. Stephen R. Lerman '72, director of Athena, also refused to reveal the name.
The high school students' names were also not released, but Tervo confirmed that one of them was involved with MIT's Educational Studies Program.
In a special Athena supplement to The Tech on March 19, Lerman outlined the principles of responsible use of Project Athena. He described the intended function of Athena as "only for educational use by MIT community members. Use of Athena resources for anyone outside MIT requires approval of the Provost."
"So far we have not had problems that required us to use [Committee on Discipline] procedures," Lerman said. He emphasized that in the future Athena will continue to "try to handle most problems internally."
Lerman said he considered Student Center accounts to be privileges which could be removed in disciplinary action. Course accounts, however, would be harder to remove since it might restrict a student from taking a course, he said.
The course professor and the COD would probably have to be involved in such an action, he added.
Lerman and Tervo separately acknowledged that UNIX, the operating system used by Athena, is not secure.
They added that UNIX was chosen for its networking capabilities, and not for its security. Tervo said a "balance of features to the users" was sought in the choice of an operating system.
The reference manual, Essential Athena, advises against storing "personal or sensitive information" on Athena, because of the risk of "inconsiderate or unknowing individuals" gaining access to the files.
Tervo suggested that "I would be worried about putting my thesis on line... There may not be a problem, but you can never be sure."
She also suggested ways of improving the security of accounts. Tervo primarily warned against the sharing of Athena accounts. "One of the major problems we've had is the sharing of logins."
In order to increase superuser account security in the future, Tervo said that the passwords will be changed more frequently. She recommended that individual users also change their passwords frequently.
"In order to secure the problem we must improve service so people know when the machines are going to be down."
"They [students] get desperate and do interesting things"
"Your own personal integrity" is the best security - Lerman - "honor-system"
"We have promised people that they can have their accounts for the length of their time at MIT."
"Are you taking normal precaution"
"Do not take things for granted"
Not all consultants and operators have root access (superuser)
students need superuser access to do "low level system-maintenance"
Eventually would like to see "build a set of tools so that maintenance can be done without being superuser."