Path: utzoo!attcan!uunet!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!drmorris
From: drmorris@athena.mit.edu (David R Morrison)
Newsgroups: comp.unix.sysv386
Subject: Re: SCO doesn't sell UNIX
Message-ID:
Date: 10 Dec 90 23:57:29 GMT
References: <1990Dec1.223750.16286@NCoast.ORG> <275A9A50.3F3F@tct.uucp> <2341@tabbs.UUCP> <1990Dec08.224008.829@kithrup.COM>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 18
In-Reply-To: sef@kithrup.COM's message of 8 Dec 90 22:40:08 GMT

In article <1990Dec08.224008.829@kithrup.COM> sef@kithrup.COM (Sean Eric Fagan) writes:
> The implementation of C2 that SCO went with *sucks*.

I wrestled with SCO last summer, and what amused me most was that they
went to an extreme to make the machine (kernel/os) secure, and practically
ignored making a distributed system secure. Using NFS, by being root
on my machine alone, I could access nearly anyone's files by frobbing my
uid. One of my jobs was to set up printing; their solution to distributed
printing (I had a FAX, straight from support) was along the lines of
becoming user 'lp' on the print server, and doing an rsh to submit the job
as 'lp' on the print server. It wasn't difficult to forge becoming 'lp'
there.

This is a C2 secure system?

Dave Morrison