Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!mcsun!ukc!stl!robobar!ronald
From: ronald@robobar.co.uk (Ronald S H Khoo)
Newsgroups: comp.unix.sysv386
Subject: Re: SCO UNIX C2 Security Issues
Message-ID: <1990Dec29.005544.6641@robobar.co.uk>
Date: 29 Dec 90 00:55:44 GMT
References: <29029@usc> <277916E3.2042@tct.uucp> <29044@usc>
Organization: Robobar Ltd., Perivale, Middx., ENGLAND.
Lines: 26

annala@neuro.usc.edu (A J Annala) writes:

> In article <277916E3.2042@tct.uucp> chip@tct.uucp (Chip Salzenberg) writes:
 
> Could someone describe exactly what sysadmsh-->system-->relax actually does
> and what more it should do to disable C2 security for software developers?

I'd appreciate a definitive answer to this question too.

One thing it does do is to use default.unix instead of default.c2 as default in
/etc/auth/system.  I use neither -- I think I added some extra default
permissions to mine -- those of you who read the script I use to process
/etc/passwd would have noticed that I don't put explicit permissions in
/tcb/files/auth/?/* but just set the default to include the permissions I want
since it's a lot easier to maintain things that way -- in case SecureWare
decide to increase the number of explicit permissions needed at some future
downgrade, I can just adjust it in one place.  Actually, I hope by then I'd
have another UNIX.

Does anyone know if u_secclass does anything in the current SCO releases ?
I remember someone saying that making it "d" and rebooting made a difference
to them (was it Brandon?) but I can't seem to find any difference.

Happy New Year to one and all.  Even the guys at SecureWare.  Yeah, why not.
-- 
ronald@robobar.co.uk +44 81 991 1142 (O) +44 71 229 7741 (H)