Morris Tech Report
dmr at alice.UUCP
dmr at alice.UUCP
Sat Nov 12 17:10:32 AEST 1988
Those interested in earlier works of Robert T. Morris,
or interested in network security in general, might wish
to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
4.2BSD Unix TCP/IP Software," by Robert T. Morris,
dated Feb. 25, 1985. An abstract of the abstract:
... [E]ach 4.2BSD system "trusts" some other set of other
systems, allowing users logged into trusted systems to
execute commands via a TCP/IP network without supplying
a password. These notes describe how the design of TCP/IP
and 4.2BSD implementation allow users on untrusted and
possibly very distant hosts to masquerade as users on
trusted hosts. Bell Labs has a growing TCP/IP network
connecting machines with varying security needs;
perhaps steps should be taken to reduce their vulnerability
to each other.
This technical report, as well as others, may be ordered by writing to
Ellen Stark
Room 2C579
AT&T Bell Laboratories
600 Mountain Ave.
Murray Hill,
NJ 07974
These reports are free of charge.
Dennis Ritchie
research!dmr
dmr at research.att.com
More information about the Comp.unix.wizards
mailing list