Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!cs.utexas.edu!uwm.edu!rpi!batcomputer!rogerj From: rogerj@batcomputer.tn.cornell.edu (Roger Jagoda) Newsgroups: comp.unix.questions Subject: Re: How secure is UNIX? Keywords: Security, ftp Message-ID: <10401@batcomputer.tn.cornell.edu> Date: 10 Jun 90 22:49:48 GMT References: <100928@<1990May23> <9000030@m.cs.uiuc.edu> <1990May28.102235.10021@agate.berkeley.edu> <6365@amelia.nas.nasa.gov> <1990May29.022854.22733@smsc.sony.com> <6368@amelia.nas.nasa.gov> <1931@aurora.cs.athabascau.ca> Reply-To: rogerj@tcgould.tn.cornell.edu (Roger Jagoda) Followup-To: comp.unix.questions Organization: Cornell Theory Center, Cornell University, Ithaca NY Lines: 27 In article <1931@aurora.cs.athabascau.ca> lyndon@cs.AthabascaU.CA (Lyndon Nerenberg) writes: >samlb@pioneer.arc.nasa.gov.UUCP (Sam Bassett RCS) writes: > >> I agree -- the documentation should be more straightforward about >>the dangers of the .netrc, and for d**n sure, whoever is teaching kids >>about UNIX should point out the problem -- especially at Berkeley. > >.netrc is an ugly BOTCH and should be removed from ftp. I guess I >have something to do this afternoon ... Wait, the .netrc file DOES have a good use--anonymous FTP sites. I mean how many times do you REALLY want to type ANONYMOUS anyway. Sam's right, the UCB kids just need better teaching about the tool, although, UNIX has this problem in other tools too. Just MHO. As for the passwd file being readable by ANYONE, there's no argument I know of that can be presented for why that EVER was a good idea. If a file is readable it is useable, or MIS-useable. Novell, VMS, IBM OSes all have similar files that are NOT readable...for good reasons. Now, shadow passwd files are part of the solution, allowing the OS to get by with a passwd file with attributes of 600 is another part and doing away with the file altogether is the BEST part! -- ------------------------------------------------------------------------------ Roger Jagoda -- My employers don't even like paying Cornell University me, let alone accept responsibility fqoj@cornella.cit.cornell.edu for anything I say or do! --