Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!BU-CS.BU.EDU!bzs From: bzs@BU-CS.BU.EDU.UUCP Newsgroups: mod.protocols.tcp-ip Subject: My Broadcast Message-ID: <8704082052.AA02897@bu-cs.bu.edu> Date: Wed, 8-Apr-87 15:52:50 EST Article-I.D.: bu-cs.8704082052.AA02897 Posted: Wed Apr 8 15:52:50 1987 Date-Received: Sat, 11-Apr-87 06:23:19 EST References: <8704081136.AA24197@bu-cs.bu.edu> Sender: daemon@ucbvax.BERKELEY.EDU Distribution: world Organization: The ARPA Internet Lines: 81 Approved: tcp-ip@sri-nic.arpa >...If Unix is still vulnerable >after a decade of availability should we ever expect it to be safe? Look folks, we're really flying off the handle here on innuendo and virtually no facts. Let me try to rehash what I believe happened that started all this: Sun provided a utility, rwalld, which is a daemon which listens for certain informatory message broadcasts on a network (such as a scheduled system shutdown) and displays them on terminals. This was an extension of the single system 'wall' (Write ALL) program that most UNIX systems come with. Wall, as it is standardly provided, is not the issue. Most O/S's come with some utility to broadcast a message within a local system (ie. no network involved.) Sun simply extended this service to a network facility (leaving the older method intact, thus it was an optional extension.) The security breach was that someone discovered that many systems were configured to accept these broadcasts fairly indiscriminately. This, in turn, was due not to a lack of security inherent in the system, but the fact that the way the system comes off the tape it allows this. All O/S's come off of distribution tapes inherently insecure (eg. super-user password is typically generic or null.) There is a facility (netgroups) which is supposed to be set up by the concerned system administrator with those machine groups who are to be allowed to issue such broadcasts (well, that's a little backwards, you list the systems who you will accept such messages from.) So, in complete contradiction to Mark Crispin's analysis, it was not the "random gurus" who were the problem in finding an unclosed security hole but, rather, the sysadmins who never even opened the manuals to find out what daemons they were running and how to administer security (there aren't that many, look at your start-up files and services/servers files.) Or, perhaps as was the case with my system (which received the broadcast) they didn't particularly care if someone sent such a message and viewed it in the same light as someone sending mail to someone who didn't want it, a nuisance that could be dealt with easily if a problem arises (I am still not convinced there is much of a problem with this particular event.) We never really took a vote on how many people even agree that a security breach worthy of concern has occurred on their system, even that fundamental observation remains an opinion. Thus, as is almost always the case with system security, it was not the fault of the system providers but entirely the fault of those charged with the responsibility of maintaining the system, if they were concerned about this (later) then they have only themselves to blame. They simply left the barn door wide open, ignoring the door, the lock and the key. To add insult to the system administrator's injury, not only was it within their normal administrative power to limit such an event with a simple file edit, they never even had to run the utility at all. It is purely icing on the cake to find out about other system's status changes on your network and can be removed by adding one comment character to one line in the system's start-up file with no real ill effect on the operation of the system (remember, only SUN's UNIX even has this particular utility.) I really wish that people who send notes discussing these issues would ask themselves if their notes actually contain any factual information. If nothing else, this whole interchange has pointed out how ill-informed many folks are about security management on various systems and how they have turned to folk tales and philosophizing to supplant that void. This, in my opinion, is a far worse problem. I do not deny that there are security and integrity problems on an internet. I only claim that little of the discussion I have seen has moved us any closer to measuring and rectifying the problems instead of just finding someone to blame (we has met the enemy and they is us.) -Barry Shein, Boston University