Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!rutgers!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.brl.mil (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: What makes one problem more significant
Message-ID: <16164@smoke.brl.mil>
Date: 15 May 91 22:26:14 GMT
References: <25239:May1416:21:3591@kramden.acf.nyu.edu> <16155@smoke.brl.mil> <1991May14.225158.8265@PacBell.COM>
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 17

In article <1991May14.225158.8265@PacBell.COM> jmcarli@PacBell.COM (Jerry M. Carlin) writes:
>	1. remote access without knowing id/password.
>	2. getting access to other ID's especially root.
>	3. the rest

I'm not sure I quite understood these categories.  Are they the same as:
	1. secure against attack by outsiders
	2. secure against attack by insiders
	3. secure against accidents
In these terms, we generally consider category #2 to be something that
can be dealt with by administrative action, and category #3 is expected
to be handled by the operating system.  The login password system ought
to be sufficient to cope with category #1; however, with the advent of
.rhosts and NFS there are a lot of new holes to plug.

I think Dan was going after a problem in category #2, which I don't
find particularly interesting.