tty security problems under SunOS 4.1 and SunOS 4.1.1

Doug Gwyn gwyn at smoke.brl.mil
Wed May 15 06:09:02 AEST 1991


In article <25239:May1416:21:3591 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>In the long term: SunOS is still insecure, and a sufficiently dedicated
>cracker can and will be able to get past tty security no matter how many
>other holes you close. It is inexcusable for Sun to leave this open.

Why?  Has Sun made any promises about absolute security of SunOS?
For example, are they claiming B2 certification for it?

I've always had the impression that UNIX was intended for resource
sharing much more than for resource hiding, and that the security
mechanisms were meant to prevent accidental problems, not dedicated
attacks.

I guarantee that there are other security problems on most versions
of UNIX besides the one you've been carrying on about.  What makes
that one problem so much more significant than the others?



More information about the Comp.unix.wizards mailing list