Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!ncar!gatech!rutgers!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.brl.mil (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: tty security problems under SunOS 4.1 and SunOS 4.1.1
Message-ID: <16155@smoke.brl.mil>
Date: 14 May 91 20:09:02 GMT
References: <25239:May1416:21:3591@kramden.acf.nyu.edu>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 16

In article <25239:May1416:21:3591@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In the long term: SunOS is still insecure, and a sufficiently dedicated
>cracker can and will be able to get past tty security no matter how many
>other holes you close. It is inexcusable for Sun to leave this open.

Why?  Has Sun made any promises about absolute security of SunOS?
For example, are they claiming B2 certification for it?

I've always had the impression that UNIX was intended for resource
sharing much more than for resource hiding, and that the security
mechanisms were meant to prevent accidental problems, not dedicated
attacks.

I guarantee that there are other security problems on most versions
of UNIX besides the one you've been carrying on about.  What makes
that one problem so much more significant than the others?