Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!rutgers!att!linac!midway!mimsy!prometheus!media!ka3ovk!raysnec!shwake
From: shwake@raysnec.UUCP (Ray Shwake)
Newsgroups: comp.unix.sysv386
Subject: C2 and Networking <was: SECURITY BUG IN INTERACTIVE UNIX SYSV386>
Keywords: BAD BUG
Message-ID: <249@raysnec.UUCP>
Date: 15 Feb 91 19:32:52 GMT
References: <483@stephsf.stephsf.com> <6913@rsiatl.Dixie.Com> <1854@chinacat.Unicom.COM> <491@stephsf.stephsf.com>
Organization: IRS/CI - Technical Solutions Branch
Lines: 14

wengland@stephsf.stephsf.com (Bill England) writes:

>   As for the Uucp I believe that having strict C2 requires NOT using
>   UUCP and disallowing ftp.  I'm not sure if TCP/IP would be 
>   considered a C2 security violation and even running an xterm may
>   be a problem.

I don't think this is true, at least in the case of UUCP. What, after all,
is the difference between a uucp login and a user login? Both operate under
the various discretionary access controls, audits, etc. associated with
C2. FTP may be another story however.

-----------  
uunet!media!ka3ovk!raysnec!shwake				shwake@rsxtech