Xref: utzoo comp.unix.internals:2287 comp.unix.admin:1161
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwm.edu!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.internals,comp.unix.admin
Subject: Re: Unix security additions
Summary: Delays in implementing features and a lack of agreement ...
Message-ID: <19099@rpp386.cactus.org>
Date: 10 Mar 91 16:11:18 GMT
References: <39950@cup.portal.com> <565@rufus.UUCP>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 52
X-Clever-Slogan: Recycle or Die.

In article <565@rufus.UUCP> drake@drake.almaden.ibm.com writes:
>I don't know about "unix" in general ... looking at AIX V3 in particular,
>I suspect they are:

Regrettably most of what you mention here was done first either by
someone else, or done a long time ago. Worse, most of the vendors
involved in activities you describe below can't agree how to do it in
the first place.

>o Access Control Lists (ACLs) on individual files.

Multics comes to mind ...

>o Getting the passwords where they can't be publicly read

This was done for AIX v2, but has also been done with SVR3.2 and BSD.
No one has solved certain problems with transparency - that is, making
shadowed passwords look and feel like old-style publicly readable
passwords. This means all the programs that used to think pw_passwd
was valid are wrong ;-(. Making matters worse, AT&T, BSD, and IBM all
fail to converge on a single mechanism (and AT&T fails to agree on a
single file format for their various releases). So you have a
non-standard, non-transparent feature ...

>o Telling me when I log on when the last time I logged on was,
> and how many times someone has tried to log onto my account
> with an invalid password since I last logged on.

This has been a VAX/VMS feature for quite a while, and has been
available in public domain UNIX login systems for several years.
One neat thing IBM has added is event auditing so password failures
can be monitored and handled in real time. On the bad side, they
don't use syslog(), so BSD people are left out cold.

>o Eliminating setuid shell scripts

IBM has yet to actually do this, although BSD has recommended you
don't use the feature and AT&T has allegedly fixed the holes and put
them back. It is still possible in AIX v3 to exploit the same old
security holes in setuid shell scripts that existed years ago in BSD
setuid shell scripts.

The next four security features to be added will be doing the above
four correctly and in a manner which the entire industry can agree
upon. There is nothing worse than a feature that is useless because
it acts different ways on different platforms.
-- 
John F. Haugh II        | Distribution to      | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"I've never written a device driver, but I have written a device driver
 manual" -- Robert Hartman, IDE Corp.
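The "last login / failed attempts since" report discussed in the thread, worked through as an added example. This is not code from the original post, nor from any vendor's login(1) or audit subsystem; it is the syslog-side approach the post says BSD people are left without on AIX. The log line format, host name, tty names and timestamps below are all constructed for the example and assumed, not taken from any real login program; a real implementation would read whatever its own login writes to the auth log.

```python
"""Last-login and failed-attempt report computed from auth log lines.

Added example (not the post's or any vendor's code). It parses constructed
syslog-style login lines and, for a given user logging in at time `now`,
reports the previous successful login and how many bad-password attempts
have been made against the account since then, which is what the post
describes VMS and public-domain UNIX login programs printing.
"""
import re
from datetime import datetime

# Constructed sample log. The line format is an assumption for this example,
# not the output of any real login(1).
SAMPLE_LOG = """\
Mar 09 22:10:01 rpp386 login: LOGIN ON tty01 BY jfh
Mar 10 01:15:42 rpp386 login: FAILED LOGIN 1 ON tty02 FOR jfh, Authentication failure
Mar 10 01:15:51 rpp386 login: FAILED LOGIN 2 ON tty02 FOR jfh, Authentication failure
Mar 10 01:16:03 rpp386 login: FAILED LOGIN 1 ON tty03 FOR drake, Authentication failure
Mar 10 09:30:12 rpp386 login: LOGIN ON tty01 BY drake
Mar 10 16:11:18 rpp386 login: LOGIN ON tty01 BY jfh
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ login: "
    r"(?:LOGIN ON (?P<ok_tty>\S+) BY (?P<ok_user>\S+)"
    r"|FAILED LOGIN \d+ ON (?P<bad_tty>\S+) FOR (?P<bad_user>[^,]+),.*)$"
)


def parse_events(text, year=1991):
    """Return a list of (timestamp, user, tty, success) for recognised lines.

    syslog timestamps carry no year, so the caller supplies one (assumed).
    Unrelated log lines are skipped rather than treated as errors.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["ok_user"]:
            events.append((ts, m["ok_user"], m["ok_tty"], True))
        else:
            events.append((ts, m["bad_user"], m["bad_tty"], False))
    return events


def login_report(events, user, now):
    """Return (last_success, failures_since, ttys) for `user` as of `now`.

    last_success is the most recent successful login strictly before `now`,
    so the login taking place at `now` is not itself reported as the "last"
    one. failures_since counts bad-password attempts between last_success
    and now (all attempts on record if there was no earlier success), and
    ttys lists where those attempts came from.
    """
    last_success = None
    for ts, u, _tty, ok in events:
        if u == user and ok and ts < now:
            if last_success is None or ts > last_success:
                last_success = ts
    failures = [
        (ts, tty) for ts, u, tty, ok in events
        if u == user and not ok and ts < now
        and (last_success is None or ts > last_success)
    ]
    return last_success, len(failures), sorted({tty for _, tty in failures})


def format_banner(events, user, now):
    """Build the text a login program would print after a successful login."""
    last, nfail, ttys = login_report(events, user, now)
    lines = []
    if last is None:
        lines.append("No previous successful login on record.")
    else:
        lines.append(f"Last login: {last:%a %b %d %H:%M:%S %Y}")
    if nfail:
        lines.append(f"{nfail} unsuccessful login attempt(s) since then "
                     f"(tty: {', '.join(ttys)})")
    return "\n".join(lines)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    # jfh logging in at the time of the last sample line sees the two
    # failures from tty02 that happened overnight.
    print(format_banner(evs, "jfh", datetime(1991, 3, 10, 16, 11, 18)))
```

The report is computed against the log itself rather than a per-user counter file, so it cannot be reset by the attacker who caused the failures; the cost is that it depends on the auth log being written somewhere the login program can read, which is exactly the gap the post points out when audit events bypass syslog().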