A Program To Allow ANYONE... (Not again!)

T.J.Teixeira tjt at kobold.UUCP
Sat Nov 26 00:32:49 AEST 1983


I don't see any substantial difference between posting a program to
read device queues to the network and including a paper on cracking
passwords in the system documentation (Robert Morris, Ken Thompson,
"Password Security: A Case History" in Volume 2B of the Seventh Edition
UNIX Programmer's Manual).

Perry's style of presentation is certainly flamboyant, to say the
least.  If you filter out this flamboyancy, his article simply states:

		   An accessible kmem is non-secure.

If you wanted to pretend your system has "security through obscurity",
you will now have to take positive steps to fix your system.  You
should have done this a year ago the last time a crack program was
posted.  AT&T systems are configured this way (non-readable /dev/kmem)
by default, at least in System III and System V.  I haven't looked
closely at our 4.2BSD tape, but if /dev/kmem and /dev/mem are readable
on the 4.2BSD distribution tape, Perry is right: this should be fixed.

Perry also seems to be right in that it requires something as
sensationalistic as posting a cracking program to cause administrators
to change their systems and to get Berkeley to change their
distribution.

A list of programs which need to be changed can be found in the article
<13795 at sri-arpa.UUCP> from Jay Lepreau <lepreau at utah-cs>.
-- 
	Tom Teixeira,  Massachusetts Computer Corporation.  Westford MA
	...!{ihnp4,harpo,decvax,ucbcad,tektronix}!masscomp!tjt   (617) 692-6200


