Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!umich!samsung!usc!apple!snorkelwacker!bloom-beacon!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX? (Re: Stupid man pages)
Message-ID: <1990Jun12.234942.4798@athena.mit.edu>
Date: 12 Jun 90 23:49:42 GMT
References: <1990May23.100928.10699@agate.berkeley.edu> <720017@hpclapd.HP.COM>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 25

In article <720017@hpclapd.HP.COM> defaria@hpclapd.HP.COM (Andy
DeFaria) writes:
>I  don't know how many  ways there are in Unix   to read a  file you're not
>supposed to be able to read but if there are any then they are holes in the
>files system itself.

  Exactly.  There are quite a few known bugs in various
implementations of Unix, some of which ban be exploited as security
holes, and many of which have not yet been fixed by many vendors.

  In addition, there are probably bugs that we don't know about, and
some of them can be exploited as security holes.

  Finally, vendors are always developing Unix, and I'm sure that
you'll agree that with development comes new bugs, some of which
aren't discovered for some time, and some of which can be exploited as
security holes.

  Given all this, I think that any security which depends on the
unreadibility of one file is flawed.

Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik@Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8495			      Home: 617-782-0710