On UNIX security


Ron Natalie (elbereth.rutgers.edu!ron.rutgers.edu!ron@rutgers.edu)
10 Nov 88 13:29:10 GMT


There were and still are a large number of UNIX security bugs that
are passed around under the table to knowledgeable UNIX system administrators.
Unfortunately, that whole idea is entirely passe. No longer is UNIX run
by a group of guys that sit up at night talking to each other at USENIX's.
It's big business. The major reason that the bugs were not publicized more
widely was it was felt that people didn't want to make this obscure information
more available since most people wouldn't be able to fix them without source.
Many of the vendors (I'm not talking about Sun specifically here) don't care
to track carefully what even the conscientious research people are trying to
do. Blatant bugs still exist in the recent release of one O/S even after they
FIXED it to stomp on the Morris worm. Knowledgeable system administrators
ought to know enough to beat on the vendors, but even at Rutgers there aren't
that many knowledgeable system administrators. UNIX workstations exist in
non-technical and non-academic departments; even in technical departments they
are owned and operated by people who are lucky if they know how to change
the root password on their own machines (for example I had to point out
a glaring problem to a workstation owned by a dean here).

At least now with the nationwide publicity this has caused, we've got
many of these guys asking the central support facility what they need to
do about security, so I guess it may be a good thing.

-Ron



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT