Major security problem in the UA: looking for a real fix

eric townsend erict at flatline.UUCP
Sun Feb 14 09:49:10 AEST 1988


In article <114 at hodge.UUCP>, rusty at hodge.UUCP (Rusty Hodge) writes:
[Some stuff on security...]
> Let's face it: the UA is *evil*.  Get rid of it. Hide it in a nested directory
> and take away its execute privledges.  Make it go away.
> 
> Root will still be able to get to most of those nifty UA-run programs for
> screen-oriented system administration. :->


I agree, UA is evil.  I use it on my console, but don't allow dial-ups
to use it.

A few comments:

If you're going to have a multi-user UNIX-PC, make sure you trust the users
and they trust each other.  My last place of employment had no problem
with security because everybody worked together. (The few rare times
we multi-user'd a 3b1, that is.)

Don't multi-user it.  If you're going to have dial-up lines to run, say,
a bbs, have the person execute the bbs on login and keep them away
from shell access.

Or just get rid of the 3b1 and buy a Connection Machine... :-)
-- 
Just say NO to skate harassment. | Just another journalist with too much
If I wish really hard, will IBM go away forever?        | computing power..
Girls play with toys. Real women skate. -- Powell Peralta ad
J. Eric Townsend ->uunet!nuchat!flatline!erict smail:511Parker#2,Hstn,Tx,77007



More information about the Unix-pc.general mailing list