hosts.equiv considered harmful (was Re: bin owning files)
99700000
haynes at ucscc.UCSC.EDU
Sun Nov 20 05:32:32 AEST 1988
In article <185 at bnr-fos.UUCP> hwt at bnr-public.UUCP (Henry Troup) writes:
>I just checked my SunOS 4.0 *distribution tape* hosts.equiv. The
>file consists of "+\n". A quick RofTFM shows that this means
>***trust everyone*** Surprise!
>
>So- In light of the worm, and this, we should realize that out-of-the-
>box systems are not well secured.
At the recent Usenix security workshop this was the #1 complaint that
we asked the vendors present to take back to their companies. There was
one man from Sun there - most other vendors were less well represented.
A second point was that vendors ought to have one contact person for
all security-related problems, rather than farming them out to developers
who handle the individual pieces of software separately.
haynes at ucscc.ucsc.edu
haynes at ucscc.bitnet
..ucbvax!ucscc!haynes
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chronicle
More information about the Comp.unix.wizards
mailing list