Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!stanford.edu!agate!darkstar!felix!haynes
From: haynes@felix.ucsc.edu (99700000)
Newsgroups: comp.unix.wizards
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <15144@darkstar.ucsc.edu>
Date: 29 Apr 91 05:30:03 GMT
References: <7310@segue.segue.com> <564@appserv.Eng.Sun.COM>
Sender: usenet@darkstar.ucsc.edu
Organization: University of California, Santa Cruz Open Access Computing
Lines: 22

In article <564@appserv.Eng.Sun.COM> lm@slovax.Eng.Sun.COM (Larry McVoy) writes:
>
>Is all this fuss really worth it? I hate to appear cavalier and I
>don't speak for Sun, just as a user, but does anyone really care? OK,
>anyone except the Feds? Yeah, the system is insecure. In many
>places. It seems to me that worrying about anti-social behavior
>through tty's is the least of our problems.

I think it depends a lot on the situation where the system is used.
In a business environment you care a lot about keeping out unauthorized
people; but you can expect the authorized users to be well-behaved toward
one another.

In the academic environment we don't worry so much about keeping out
unauthorized users - we have thousands of legitimate users, and we can
be sure some of them are going to give out their passwords to others.
But we have lots of naive users, and some mischievous users, and some
malicious users, and some sets of feuding users; and we would rather
have the system do what it can to protect them rather than have them
all come crying to the management about the abuse they are getting at
the hands of other users.

Even in the business world you may need to worry about harassment and
unauthorized access by authorized users.