Serious potential security problem. (was Re: BSD tty security, part 3: How to Fix It)
Joshua Osborne
stripes at eng.umd.edu
Thu May 2 10:28:27 AEST 1991
In article <1991May1.140953.20081 at mp.cs.niu.edu> rickert at mp.cs.niu.edu (Neil Rickert) writes:
>
> Why are we worrying about somebody sneaking in through a tiny crack in the
>basement, when the front door is swinging wide open.
[...]
> Face it. That '+' in hosts.equiv is not safe now, never was safe, probably
>never will be safe. As long as vendors insist in this misfeature, TTY
>problems seem unimportant by comparison.
Yes, but we aready fixed that, and I am sure many others have as well. We
hadn't heard of the tty problems untill just recently (well, allright, I
had, I read it a while ago on comp.unx.wizards, and played with it on a
VAX, but I had assumed it was fixed by the time I became an admin.). Just
because someone has a gun pointed to your head doesn't mean you can safely
ignore the one that is pointed at your heart...
--
stripes at eng.umd.edu "Security for Unix is like
Josh_Osborne at Real_World,The Multitasking for MS-DOS"
"The dyslexic porgramer" - Kevin Lockwood
"CNN is the only nuclear capable news network..."
- lbruck at eng.umd.edu (Lewis Bruck)
More information about the Comp.unix.wizards
mailing list