Looking for info on UNIX security holes...
Mark Frost
humtech at ucschu.ucsc.edu
Fri Feb 23 14:50:29 AEST 1990
[Moderator's Note: I've seen some postings from you in search of a
public-access UN*X site in the Bay Area. This may damage your credibility. - Der]
This may be a touchy subject as this is definitely considered to be
sensitive information, but here goes....
I'm writing a paper for a graduate class called Advanced Operating Systems.
I am interested in writing my final paper for the class on "UNIX
security holes". I've read Clifford Stoll's excellent book "The Cuckoo's
Egg" as well as Gene Spafford's paper on the network worm of a year or
so ago. I've also picked up Clifford Stoll's paper "Stalking the Wily
Hacker" from the CACM (although I've not yet read it) and I'm perusing
old issues of comp.risks.
I'd like any references or information that people can give me regarding
possible "holes" in UNIX's security system. This can be relating to any
interpretation of the word "security". I would prefer info relating
specifically to BSD, but anything relating to AT&T UNIX would also
be appreciated. Also, this information may relate to older versions of
these operating systems that may have since been fixed. Absolutely any
references or experiences that people have had would be immensely
appreciated. I'm not so much interested in "send this stream of bytes to
the paging daemon and such and such will happen", but I'm more interested
in the security issues such as the lack of buffered input that (as well as
other issues) allowed the internet worm to spread itself.
If some of the methods/techniques/issues are not too time consuming or
destructive I may try some of them out on the UNIX system on which I am
a co-system administrator.
*****
Please, please, please don't flame me on this. I have had to resort to a net
posting as there is not much published material (at least that I can find) on
this subject. I am not trying to get this information with the intent
to go on any sort of crime spree. I understand asking this is like asking
what the best way to break into someone's house is and I realize that
many net.readers will be hesitant if not hostile about this request.
Please respond via e-mail.
Thanx for your time
Mark Frost
Office of the Computing Coordinator
Humanities Division
University of California at Santa Cruz
Santa Cruz, California 95064
(408) 459-4603
Internet: humtech at ucschu.UCSC.EDU
Bitnet: humtech at ucschu.bitnet
Uucp: ...!ucbvax!ucscc!ucschu!humtech