Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information...
Message-ID: <1991Mar20.183922.9660@mp.cs.niu.edu>
Date: 20 Mar 91 18:39:22 GMT
References: <1991Mar18.200957.166@gacvx2.gac.edu> <1991Mar20.165442.7210@ux1.cso.uiuc.edu>
Organization: Northern Illinois University
Lines: 21

In article <1991Mar20.165442.7210@ux1.cso.uiuc.edu> edotto@ux1.cso.uiuc.edu (Ed Otto) writes:
>
>But seriously,I think that this is not a problem as mine is the same way.

 Don't assume that just because your system comes standardly set up in a
certain way, there are no problems with that setup.  Vendors are notorious
for providing systems which are highly secure when set up on a private
network with only one user, but in which security breaks down in more
practical environments.

 As an example, at least one has made a practice of supplying systems with
a default setup such that if you connect the system to Internet and make
a DNS resolver function available in the recommended way, just about anyone
with root access on any Internet machine can quickly break in.  For all I
know they are still supplying systems with this setup.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940