passwords and protection files


jsq@zotz.cs.UTEXAS.EDU
Mon, 29 Sep 86 11:03:37 cdt


Let's remember that if system people are forced to type super-user
passwords across a network in clear text, that's just as bad a
security problem as the permission file setup being complained about.
(Though I suppose the cracker is more likely to need physical access
to the local network.)

Also, the way the crackers got into system people's accounts in this
instance was through tricking badly written privileged programs to
execute out of directories with *public* write permission, without
which the question of whether system people should be able to write
into program directories without typing passwords would have been moot.

I.e., the really bad security problem in a network of 4BSD machines
is privileged programs that don't constrain their search paths and
arguments.
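
The point about search paths and publicly writable directories, as an added example that is not part of the original message: a C check a privileged program could run over PATH before executing anything by name. The function names, the TRUSTED_PATH value, the MAX_DIR limit and the choice to reject group-writable directories as well are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define TRUSTED_PATH "/bin:/usr/bin"  /* assumed fixed path; adjust per system */
#define MAX_DIR 1024                  /* assumed limit on one PATH entry */

/* Return 1 if dir is acceptable in a privileged program's search path:
 * absolute, an existing directory, and not group- or world-writable.
 * (Rejecting group write is this example's choice. Ownership and parent
 * directories are not checked.) */
int path_entry_is_safe(const char *dir)
{
    struct stat st;
    if (dir[0] != '/')          /* "", "." and relative names follow the cwd */
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Count the entries of a colon-separated PATH that fail the check. An empty
 * entry (leading, trailing or doubled ':') means the current directory. */
int count_unsafe_entries(const char *path)
{
    char dir[MAX_DIR];
    int unsafe = 0;
    for (;;) {
        size_t len = strcspn(path, ":");
        if (len < sizeof dir) {
            memcpy(dir, path, len);
            dir[len] = '\0';
        }
        if (len >= sizeof dir || !path_entry_is_safe(dir))
            unsafe++;           /* over-long entries are rejected unexamined */
        if (path[len] == '\0')
            return unsafe;
        path += len + 1;
    }
}

int main(void)
{
    const char *path = getenv("PATH");
    int bad = path ? count_unsafe_entries(path) : 0;
    printf("%d unsafe PATH entries; fixed alternative: %s\n", bad, TRUSTED_PATH);
    return bad != 0;
}
```

A privileged program that finds any unsafe entry would replace PATH with the fixed value, or call its helpers by absolute path, before executing anything.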


