Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!sdd.hp.com!hplabs!hpda!hpcuhb!hpcllla!hpclisp!defaria@hpclapd.HP.COM
From: defaria@hpclapd.HP.COM (Andy DeFaria)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX? (Re: Stupid man pages)
Message-ID: <720017@hpclapd.HP.COM>
Date: 11 Jun 90 20:11:41 GMT
References: <1990May23.100928.10699@agate.berkeley.edu>
Organization: Hewlett-Packard Calif. Language Lab
Lines: 18

>/ hpclapd:comp.unix.questions / jik@athena.mit.edu (Jonathan I. Kamens) / 1:30 am Jun 10, 1990 /
> Oh, jolly good. So now you're proposing to take all the passwords
>(or, at least, encrypted passwords) and put them in an /etc/shadow
>file, but other than the fact that the file isn't world-readable, the
>rest of the scenario I described is correct, right?

If you can't get the password because you can't read it then your scenario
fails.

> In that case, you're basing the entire security of your system on
>the readability or non-readability of one file. Do you know how many
>ways there are in Unix to read a file you're not supposed to be able
>to read? Or to read portions of that file?

I don't know how many ways there are in Unix to read a file you're not
supposed to be able to read but if there are any then they are holes in the
file system itself.