What makes one problem more significant (was tty security problems ...)

Jerry M. Carlin jmcarli at PacBell.COM
Wed May 15 08:51:58 AEST 1991


In article <16155 at smoke.brl.mil> gwyn at smoke.brl.mil (Doug Gwyn) writes:
>I guarantee that there are other security problems on most versions
>of UNIX besides the one you've been carrying on about.  What makes
>that one problem so much more significant than the others?

There are also security problems with MVS/RACF. especially if you are
not VERY VERY careful setting it up such as SVC's leaving people in supervisor
state for example and careless use of "RACF SPECIAL" for another.

But more to the point, you've raised a VERY good question. I'd rank
significance in 3 levels but would be interested in other's opinions (how's
that for having an open mind :-) This ranking assumes I trust people I know
more than "strangers" and want to limit access to the system. Obviously
such things as "anonymous ftp" are not included but for "production" or
"critical" computers, the most important to me is limiting access.

The next is to limit access to root and other's IDs. Finally I'd put
everthing else in a major category. I'd rank the tty bugs in #2 and #3
since snarfing root's password is possible as well as annoying people
by sending trash to their screen.

Summary:
	1. remote access without knowing id/password.
	2. getting access to other ID's especially root.
	3. the rest

--
Jerry M. Carlin	(415) 823-2441 jmcarli at srv.pacbell.com
To dream the impossible dream. To fight the unbeatable foe.



More information about the Comp.unix.wizards mailing list