Unix System Security
Tom Gardner
tgg at otter.hpl.hp.com
Thu Jan 11 04:37:21 AEST 1990
David Newall Phone: +61 8 343 3160
Unix Systems Programmer Fax: +61 8 349 6939
Academic Computing Service E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology Post: The Levels, South Australia, 5095
writes:
>>tgg at otter.hpl.hp.com (Tom Gardner) writes:
>> Posting details of known UNIX security holes to the net is a *very* bad idea;
>> I hope the reasons are obvious.
>Do you suggest that the bad people won't find out about security holes if
>those holes aren't published? So naive...
Please reread my posting; I implied no such thing. To use an analogy of dubious
validity, gun control does not prevent murder, but it does reduce the problem
(is that a sufficiently contentious statement? ;-} ).
>Personally I wish to hear about problems as soon as possible; so they can be
>fixed. What would *you* suggest is the best way of securing Unix?
Sorry, my magic wand is fresh out of twinkle dust today... ;)
I want to hear about *fixes* as quickly as possible. The original posting could
have resulted in details of *open* holes being widely circulated and read by
persons of unknown responsibility; I hope you would agree that would be unwise.
As to how to get Unix holes plugged: there are a number of conflicting
approaches each of which has advantages and disadvantages, and I have no
intention of proposing The Answer (tm). What is your Answer?
More information about the Comp.lang.c
mailing list