Newsgroups: comp.unix.i386
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!usenet.ins.cwru.edu!ncoast!allbery
From: allbery@NCoast.ORG (Brandon S. Allbery KB8JRR/KT)
Subject: Re: SCO Unix security features
Reply-To: allbery@ncoast.ORG (Brandon S. Allbery KB8JRR/KT)
Organization: North Coast Public Access *NIX, Cleveland, OH
Date: Thu, 16 Aug 90 17:45:14 GMT
Message-ID: <1990Aug16.174514.2646@NCoast.ORG>
Followup-To: comp.unix.i386
References: <1990Aug13.101924.20284@robobar.co.uk> <1990Aug13. <881@mwtech.UUCP>

As quoted from <881@mwtech.UUCP> by martin@mwtech.UUCP (Martin Weitzel):
+---------------
| In article <165@edat.UUCP> root@edat.UUCP (Superuser) writes:
| Isn't one of the key principles of C2 security the following:
| 
| 	SECURITY MUST NOT BE ACHIEVED BY OBSCURITY
| 
| or in other words: Isn't any C2-secure system obliged to describe
| each and any method *how* their (until then only claimed) security
| is implemented?
+---------------

This obscurity isn't intended to enhance security; it's just SCO keeping its
(l)users fat, dumb, and happy.  I suspect the usual slaughter will follow at
some point as well....

+---------------
| system which documents its implementation in such a way that you can
| not find easily what you are looking for, may well be considered as
| one which trys to achieve security by obscurity and hence is *NOT*
| C2.)
+---------------

The manuals in question didn't even come with my system.  (grrr)  And even
with them, I have yet to find out how to do anything without writing a C
program, to be run as root in order to have permissions to massage the
authorizations database.

And you still haven't answered my biggest question:  why do I have to put up
with this *at all* when the machines I have to install and maintain this on
need nothing more than simple group vectors and /etc/shadow?

++Brandon

-- 
Me: Brandon S. Allbery			    VHF: KB8JRR/KT on 220 (soon others)
Internet: allbery@NCoast.ORG		    Delphi: ALLBERY
uunet!usenet.ins.cwru.edu!ncoast!allbery    America OnLine: KB8JRR