Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!yetti!geac!daveb
From: daveb@geac.UUCP (Brown)
Newsgroups: comp.unix.xenix,comp.sources.wanted,comp.unix.questions
Subject: Re: Ethernet watcher (was: tty watcher)
Message-ID: <1425@geac.UUCP>
Date: Sun, 20-Sep-87 11:35:26 EDT
Article-I.D.: geac.1425
Posted: Sun Sep 20 11:35:26 1987
Date-Received: Sun, 20-Sep-87 18:36:29 EDT
References: <4263@ozdaltx.UUCP> <15136@hi.UUCP> <1903@ttrdc.UUCP>
Reply-To: daveb@geac.UUCP (Dave Collier-Brown)
Followup-To: comp.sources.wanted
Organization: The little blue rock next to that twinkly star.
Lines: 33
Xref: mnetor comp.unix.xenix:787 comp.sources.wanted:2322 comp.unix.questions:4178

In article <1903@ttrdc.UUCP> levy@ttrdc.UUCP (Daniel R. Levy) writes:
># 	3) eye -
># 		This is the gem of the bunch.  Written for a Sun
># 		computer, it watches TCP/IP connections on the
># 		ethernet.  This lets you see exactly what a user
># 		is doing... both input and output. 
># ... 
># current version of eye is nothing but a machine cracker.  I don't
># see a reason to pass this around.
># In a few weeks,  I plan on posting a new version of eye that is a
># ethernet debugger.  I never plan on posting my cracking version.
>
>Are you sure that your code will be written so that it takes a true guru to
>readily modify it to add the "cracking" functions?  If not you might want to
>think twice about sending it out, or post a uuencoded binary instead.

  This really raises a question which should be debated in the security
newsgroup... since there isn't one, lets restrict it to sources wanted
initially. 
  The question is: if XXX is insecure, should I publish information on
breaking XXX.  My personal opinion is "Only after you publish
information on how to make XXX secure".  Eg, the clist-watcher can be
defeated by setting the perms on /dev/kmem to exclude all but user and
group "root", then writing required applications using /dev/kmem as
setgid root.
  Other opinions, please? (light, not heat, requested).

 --dave
-- 
 David Collier-Brown.                 {mnetor|yetti|utgpu}!geac!daveb
 Geac Computers International Inc.,   |  Computer Science loses its
 350 Steelcase Road,Markham, Ontario, |  memory (if not its mind)
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.