My Broadcast


Barry Shein (bzs@bu-cs.bu.edu)
Wed, 8 Apr 87 16:52:50 EDT


>...If Unix is still vulnerable
>after a decade of availability should we ever expect it to be safe?

Look folks, we're really flying off the handle here on innuendo and
virtually no facts.

Let me try to rehash what I believe happened that started all this:

Sun provided a utility, rwalld, which is a daemon which listens for
certain informatory message broadcasts on a network (such as a
scheduled system shutdown) and displays them on terminals.

This was an extension of the single system 'wall' (Write ALL) program
that most UNIX systems come with. Wall, as it is standardly provided,
is not the issue. Most O/S's come with some utility to broadcast a
message within a local system (ie. no network involved.) Sun simply
extended this service to a network facility (leaving the older method
intact, thus it was an optional extension.)

The security breach was that someone discovered that many systems were
configured to accept these broadcasts fairly indiscriminately.

This, in turn, was due not to a lack of security inherent in the
system, but the fact that the way the system comes off the tape it
allows this. All O/S's come off of distribution tapes inherently
insecure (eg. super-user password is typically generic or null.)

There is a facility (netgroups) which is supposed to be set up by the
concerned system administrator with those machine groups who are to be
allowed to issue such broadcasts (well, that's a little backwards, you
list the systems who you will accept such messages from.)

So, in complete contradiction to Mark Crispin's analysis, it was not
the "random gurus" who were the problem in finding an unclosed
security hole but, rather, the sysadmins who never even opened the
manuals to find out what daemons they were running and how to
administer security (there aren't that many, look at your start-up
files and services/servers files.)

Or, perhaps as was the case with my system (which received the
broadcast) they didn't particularly care if someone sent such a
message and viewed it in the same light as someone sending mail to
someone who didn't want it, a nuisance that could be dealt with easily
if a problem arises (I am still not convinced there is much of a
problem with this particular event.) We never really took a vote on
how many people even agree that a security breach worthy of concern
has occurred on their system, even that fundamental observation
remains an opinion.

Thus, as is almost always the case with system security, it was not
the fault of the system providers but entirely the fault of those
charged with the responsibility of maintaining the system, if they
were concerned about this (later) then they have only themselves to
blame. They simply left the barn door wide open, ignoring the door,
the lock and the key.

To add insult to the system administrator's injury, not only was it
within their normal administrative power to limit such an event with a
simple file edit, they never even had to run the utility at all. It
is purely icing on the cake to find out about other system's status
changes on your network and can be removed by adding one comment
character to one line in the system's start-up file with no real ill
effect on the operation of the system (remember, only SUN's UNIX even
has this particular utility.)

I really wish that people who send notes discussing these issues would
ask themselves if their notes actually contain any factual information.

If nothing else, this whole interchange has pointed out how
ill-informed many folks are about security management on various
systems and how they have turned to folk tales and philosophizing
to supplant that void.

This, in my opinion, is a far worse problem. I do not deny that there
are security and integrity problems on an internet. I only claim that
little of the discussion I have seen has moved us any closer to
measuring and rectifying the problems instead of just finding someone
to blame (we has met the enemy and they is us.)

        -Barry Shein, Boston University



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:07 GMT