Path: utzoo!attcan!uunet!aplcen!haven!adm!news From: postmaster@sandia.gov (SMTP MAILER) Newsgroups: comp.unix.questions Subject: Mail not delivered yet, still trying Message-ID: <23545@adm.BRL.MIL> Date: 6 Jun 90 15:24:13 GMT Sender: news@adm.BRL.MIL Lines: 349 ----Mail status follows---- Have been unable to send your mail to , will keep trying for a total of three days. At that time your mail will be returned. ----Transcript of message follows---- Date: 5 Jun 90 05:03:00 MDT From: info-unix@BRL.MIL Subject: INFO-UNIX Digest V10#052 To: "jnjortn" Return-Path: Received: from SEM.BRL.MIL by sandia.gov with SMTP ; Tue, 5 Jun 90 04:59:10 MDT Received: from SEM.BRL.MIL by SEM.BRL.MIL id ab06444; 5 Jun 90 6:06 EDT Received: from sem.brl.mil by SEM.BRL.MIL id aa06436; 5 Jun 90 5:45 EDT Date: Tue, 05 Jun 90 05:45:19 EST From: The Moderator (Mike Muuss) To: INFO-UNIX@BRL.MIL Reply-To: INFO-UNIX@BRL.MIL Subject: INFO-UNIX Digest V10#052 Message-ID: <9006050545.aa06436@SEM.BRL.MIL> INFO-UNIX Digest Tue, 05 Jun 1990 V10#052 Today's Topics: Re: How secure is UNIX? Re: SEX! or, how do I mail to a lot of unix users? Re: REVISED: How do I send e-mail to lots of users at a remote unix site? Re: Unix for PDP-11/23 Abnormal Cron Behavior -- very strange. Using RCS and make Re: Unix for PDP-11/23 Re: How secure is UNIX? ----------------------------------------------------------------- From: Dan KoGai Subject: Re: How secure is UNIX? Keywords: Security, ftp Date: 4 Jun 90 10:24:22 GMT Sender: "USENET Administrator;;;;ZU44" To: info-unix@sem.brl.mil In article <36584@ucbvax.BERKELEY.EDU> lauther@janus.Berkeley.EDU.UUCP (Ulrich Lauther) writes: >In article <6368@amelia.nas.nasa.gov> samlb@pioneer.arc.nasa.gov.UUCP (Sam Bassett RCS) writes: >> >> I agree -- the documentation should be more straightforward about >>the dangers of the .netrc, and for d**n sure, whoever is teaching kids > >I just wonder why not the same technique is used with .netrc as with >/etc/passwd: have the file readable, but sensitive parts encrypted? I don't think so: I don't think /etc/passwd was a good idea: It's encrypted. So what? That means you can take time to feed random string to encryptor, which is available, then find the matching string. Maybe you can feed it from dict file--people's name makes big candidate for considerably many people choose their password from thier (boy|girl)friends' or spouses' names. What I don't understand is that my password is not a kind of string found on dict but it's still feasible to use "power" rather than "tech" to break secirity in UNIX. I admit my .netrc was not a good idea. But still I think it's possible for that moron to kill at least OCF account: Some others suggested that some of UNIX has a serious problem in user switching. One of my friends witnessed that he was accidentally su'd to somebody else. At very least finger info and passwd file must be saparated. If possible, it might be a good idea to hard-code secirity part of UNIX, that is, implement seciryty by hardware than software. On current system encrypted or not, precious password info is visible. How about ATM card way (I don't think it's valid idea--How about dialin?)--No one but card knows your password. there remains the problem in case of loss of cards or "keys" but it's at very least far more secure than current UNIX implementation of password. ---------------- ____ __ __ + Dan The "Raped" Man ||__||__| + E-mail: dankg@ocf.berkeley.edu ____| ______ + Voice: +1 415-549-6111 | |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A |___ |__|__| + |____|____ + "What's the biggest U.S. export to Japan?" \_| | + "Bullshit. It makes the best fertilizer for their rice" ----------------------------- From: Dan KoGai Subject: Re: SEX! or, how do I mail to a lot of unix users? Keywords: sex, batchmail Date: 4 Jun 90 11:41:12 GMT Sender: "USENET Administrator;;;;ZU44" To: info-unix@sem.brl.mil In article <900531083002.30e0d06c@Csa2.LBL.Gov> thermal%solgel.hepnet@CSA2.LBL.GOV writes: >I would like to be able to send a mail message to all the users on >a unix machine. Of course, I could do it the long way, that is, >do a 'finger' or 'who', thus getting a list of all the users, and >then sending a mail message to each, one at a time. Is there a >quicker way? (it seems to me there could be two or three different >ways, such as setting up a mailing list, or some nifty command that >will do this on one stroke of the finger). Obviously, I'm not a >unix guru or wizard, so make your explanation understandable, please. I advise aginst it: 1st of all it may clog /usr/spool/mail if you batchmail something big. 2nd of all UNIX offers several other utilities such as msgs to send messages to unspecific users. I say so because I'm an ex-con: I did it once and my professor axed me. It's considered antisocial as long as UNIX has alternate ways. But batchmail appears anytime before election of student sanate and I'm pissed to find those damn political campaigns on my already large mail file. However, since I am not a kind of person trying to secure things by keeping people ignorant, I'll show you just one example. This works only when your system uses /etc/passwd, which is a lot of cases but not necessarily true (most large sites use yp). On /etc/passwd, each users info is stored in each line, each field delimited by ':'. Login name appears 1st and that's the only thing you need. so only thing it takes is: Dana's prompt > mail `awk -F: '{print $1}' /etc/passwd` But this is hardly elegant, especially when you have too many accounts: it may cause your mail header to overflow. To avoid this, you can use following csh script (Sorry, I'm berkeleynian and not used to sh): #!/bin/csh -f #foo foreach address (`awk -F: '{print $1}' /etc/passwd`) mail $address < $1 end And invoke this script by "foo file-to-send". Careful! your /etc/passwd might contain bogus uses and my example has no fool-proof feature. to achieve it, just change awk script in there. If your site uses yp things are completely different but you still got the idea: The only trick is how to get all user names. But I repeat: Don't batchmail unless you have to: Use msgs or other utils. If you have local newsgroups, post there! Mail is supposed to be for personal uses and I hate direct mails and stuffs. ---------------- ____ __ __ + Dan The "ex-con" Man ||__||__| + E-mail: dankg@ocf.berkeley.edu ____| ______ + Voice: +1 415-549-6111 | |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A |___ |__|__| + |____|____ + "What's the biggest U.S. export to Japan?" \_| | + "Bullshit. It makes the best fertilizer for their rice" ----------------------------- From: Dan KoGai Subject: Re: REVISED: How do I send e-mail to lots of users at a remote unix site? Date: 4 Jun 90 11:54:07 GMT Sender: "USENET Administrator;;;;ZU44" To: info-unix@sem.brl.mil In article <900531093335.30e0f102@Csa2.LBL.Gov> thermal%solgel.hepnet@CSA2.LBL.GOV writes: > >I would like to be able to send a mail message to all the users on >ANOTHER unix machine via Internet. Of course, I could do it the long >and tedious way, that is, by sending a mail message to each user, one >at a time. Is there a quicker way? (it seems to me there could be two >or three different ways, such as setting up a mailing list file on my >machine which will automatically mail the message to all on the list, >or sending one message to the remote machine and somehow instruct it >to distribute the message to all the users). Obviously, I'm not a >unix guru or wizard, so make your explanation understandable, please. > In my last followup, I said "you'd better not do that" and that time I was assuming you just wanted to batchmail locally. Now you are asking for doing it remotely. I say "don't do it!" Batchmail in local site alone is anti-social enough. Batch-remote mail sounds as guily as a crime: It would end up with clogging network. One day I posted same article to another newsgroup (How secure is UNIX?) because I forgot to crosspost and got a dozen mails criticizing that. My mistake is nothing compared to what you are tring to do. And to make matters worse, it could be as easy as the case of local batchmailing: The only thing you need is list of address and there are many ways to do that: I don't think you can get remote list unless you have the remote account and read access to /etc/passwd or yp but still this can be resolved if you have a friend in remote site and have her/him mail the list to you. The only thing we can depend on net traffic is conscience of each users so far. I can't criticize you because I am not 100% innocent but the fact remains. Plus why do you need it? We already have netnews if you need to broadcast something. Please don't abuse e-mails. ---------------- ____ __ __ + Dan The "ex-con" Man ||__||__| + E-mail: dankg@ocf.berkeley.edu ____| ______ + Voice: +1 415-549-6111 | |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A |___ |__|__| + |____|____ + "What's the biggest U.S. export to Japan?" \_| | + "Bullshit. It makes the best fertilizer for their rice" ----------------------------- From: Doug Toppin Subject: Re: Unix for PDP-11/23 Date: 4 Jun 90 15:15:14 GMT Followup-To: poster To: info-unix@sem.brl.mil In article <31@mhinfo.UUCP>, carrato@mhinfo.UUCP ( tony carrato) writes: > A friend has a PDP-11/23 sitting in a closet at home. We were wondering We use extensively something called Ultrix-11 on the 11/73. It is not bad. DEC used to sell it but I believe that they just stopped supporting it. You might be able to get it for free from them. Doug Toppin uunet!melpar!toppin ----------------------------- From: Meek Subject: Abnormal Cron Behavior -- very strange. Keywords: cron Date: 4 Jun 90 18:52:54 GMT To: info-unix@sem.brl.mil Our cron seems to be acting a little strange: When we do a crontab -l it lists all the entries that we have queued up using the crontab command. But according to the log only some of them are being executed. Another strange thing is when we try to restart the cron after it is already running it comes back with the following message: ! cannot start cron; FIFO exists Wed Dec 31 19:00:09 1969 ! ******* CRON ABORTED ******** Wed Dec 31 19:00:09 1969 Notice the date -- 1969! this is definitely not correct and does not correspond to the system time or the time stamp of the /usr/lib/cron/FIFO file which looks like this: prw------- 1 root other 0 Jun 1 14:04 /usr/lib/cron/FIFO We are running AT&T System V 3.2.2 on a 3B2/600G if that helps. Please Email any suggestions or ideas to me and I will summarize. Thanks Kevin Meek Comprehensive Technologies Int'l Inc. 2121 Crystal Drive Suite #103 Arlington, VA 22202 uunet!cit1!kmeek OR cti1!kmeek@uunet.uu.net ----------------------------- From: Michael R Tucker Subject: Using RCS and make Keywords: RCS, make, unix, version control Date: 4 Jun 90 16:37:58 GMT Sender: mrt7455@evtprp0b.uucp Followup-To: comp.lang.c To: info-unix@sem.brl.mil I am looking into using RCS for version control of my software projects. I would like to know how to use RCS and make together. If any one can help me, I'd sure appreciate it. I would like to see an example makefile using RCS. ----------------------------- From: David Taylor Subject: Re: Unix for PDP-11/23 Date: 4 Jun 90 16:44:42 GMT Followup-To: comp.sys.dec To: info-unix@sem.brl.mil I would also be interested in locating a copy of unix for an 11/23 , Especially BSD (I have a license but no code it was lost before my time when they upgraded one of our systems) Thanks for any info.. Dave ------------------------------------------------------------------------------ > David Taylor, Senior Systems Operator | My opinions are my own and my boss < > University of Portland | Likes it that way..................< > School of Engineering | E-Mail: < > 5000 N Willamette Blvd. | UUCP: ...!tektronix!upvax!dave < > Portland Or. 97203-5798 | ph: (503) 283-7309 < ------------------------------------------------------------------------------ ----------------------------- From: Boyd Roberts Subject: Re: How secure is UNIX? Keywords: Security, ftp Date: 5 Jun 90 00:59:39 GMT ley.edu> To: info-unix@sem.brl.mil In article <1990Jun4.102422.12896@agate.berkeley.edu> dankg@tornado.Berkeley.EDU (Dan KoGai) writes: > > I don't think so: I don't think /etc/passwd was a good idea: It's >encrypted. So what? That means you can take time to feed random string to >encryptor, which is available, then find the matching string. > Dan, my man you seem to have jumped to the conclusion that UNIX isn't secure because someone broke into your account and blew away your files. How this was done would appear to be attributable to stupidity, and not to underlying flaws in UNIX password security. At this point I'd like to make the distinction between UNIX password security and the various `security' of IP based networking utilities. With those, there is _no_ security. I think RTM and various others have proved this beyond a shadow of a doubt. UNIX password security is secure, provided you have chosen a reasonable password. Sure, you can snarf /etc/passwd and try a dictionary attack. But, you have to get access to the machine first. Without access to the machine it's near impossible to break. Shadow password files nullify this method of attack, although I don't like this password file dichotomy. The bottom line is that password security works. Most systems aren't broken into. The ones that are broken are usually compromised by some sloppy (ie. networking) utility or a flawed UNIX port. So Dan, a piece of advice: $@$*$H$7$^$((J $@$*(J $@$D$1$F(J! Boyd Roberts boyd@necisa.ho.necisa.oz.au ``When the going gets wierd, the weird turn pro...'' ----------------------------- End of INFO-UNIX Digest ***********************