Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!we13!ihnp4!zehntel!tektronix!hplabs!sri-unix!obrien@Rand-Unix.ARPA
From: obrien@Rand-Unix.ARPA
Newsgroups: net.unix-wizards
Subject: Re: Restricting network access
Message-ID: <12194@sri-arpa.UUCP>
Date: Wed, 11-Apr-84 12:38:00 EST
Article-I.D.: sri-arpa.12194
Posted: Wed Apr 11 12:38:00 1984
Date-Received: Tue, 17-Apr-84 06:58:46 EST
Lines: 12

All network access in any version of UNIX that I've ever seen is done
by way of special files.  This includes 4.2.  Just have protection 660
on all network files, and have them owned by a group "network".  Then,
make authorized users members of that group.  A similar scheme is
necessary (and also not present in 4.2) to protect terminals against a
pernicious type of security attack (due to the current ANSI standard
for CRT terminals).

Of course, you can also have socket entities out there in the file
system, and if you do as the folks at BRL have suggested (change the
semantics of "open()" so that a "connect()" is done automatically when
you hit one), then you have to make other provisions.  Most such
"portals" are only used on a local net, though, and not the Internet.
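
The group-ownership scheme described in the post, as an added shell example that is not part of the original post: it audits a directory of network special files for mode 660 and the expected group, applies the fix, and checks who ends up with access. The function names and the directory argument are assumptions; the post names no device paths.

```shell
#!/bin/sh
# Added example (not from the original post). The directory holding the
# network special files is passed in by the caller; it is an assumption,
# since the post does not name any device paths.

# audit_netfiles DIR GROUP
# Print every non-directory entry under DIR whose mode is not exactly 660
# or whose group is not GROUP. Returns 0 if all entries comply, 1 otherwise.
audit_netfiles() {
    dir=$1 grp=$2
    bad=$(find "$dir" ! -type d \( ! -perm 660 -o ! -group "$grp" \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# harden_netfiles DIR GROUP
# Apply the scheme: group ownership GROUP, mode 660 (no access for "other").
# Changing the group of files you do not own requires root.
harden_netfiles() {
    dir=$1 grp=$2
    find "$dir" ! -type d -exec chgrp "$grp" {} + -exec chmod 660 {} +
}

# user_in_group USER GROUP
# Succeeds only if USER is a member of GROUP, i.e. would be authorized
# to open the network files once the scheme is in place.
user_in_group() {
    id -Gn "$1" | tr ' ' '\n' | grep -qxF -- "$2"
}

# Stand-alone use: ./script DIR GROUP  (audit only, changes nothing)
if [ "$#" -eq 2 ]; then
    audit_netfiles "$1" "$2"
fi
```

Mode 660 only restricts access if nothing else grants it, so run the audit again after system upgrades that may recreate device nodes with default permissions.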