Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!rosevax!ems!eta!lm
From: lm@eta.ETA.COM (Larry McVoy)
Newsgroups: comp.sys.att
Subject: Re: System security discussions
Message-ID: <8700181@eta.ETA.COM>
Date: Tue, 6-Oct-87 07:57:54 EDT
Article-I.D.: eta.8700181
Posted: Tue Oct  6 07:57:54 1987
Date-Received: Sat, 10-Oct-87 17:41:54 EDT
References: <150@manta.UUCP>
Reply-To: lm@eta.UUCP (Larry McVoy)
Organization: ETA Systems, Inc., St Paul, MN, USA
Lines: 27
Keywords: UNIXpc security

In article <150@manta.UUCP> brant@manta.UUCP (Brant Cheikes) writes:
>So despite what appears to be total lack of support for my position, I
>remain convinced that posting one's latest "Look Ma, I'm root!" is far
>more likely to do harm than good.  Nevertheless, Lenny Tropiano
>certainly has my apologies for the inappropriately harsh tone I used
>toward him in my earlier posting.
>-- 
>Brant Cheikes
>University of Pennsylvania
>Department of Computer and Information Science
>ARPA: brant@linc.cis.upenn.edu  UUCP: ...cbmvax!cgh!manta!brant

I suggest that you read the following (classic) paper on Unix Security before
you decide to broadcast your views on the subject to the net.

	F.T. Grampp & R.H. Morris, "Unix Operating System Security", 
	AT&T Bell Technical Journal 63, pp. 1649-1672, October 1984.

It's a very standard OS paper to have read.  Had you read it, Brant, you
would have discovered that many "obvious" conclusions about security are
in fact wrong.  "Look Ma, I'm root!" is fine.  It points out holes.
People who care will fix the holes.  Ignoring them or hushing them up
does not fix holes.  It creates time bombs.
-- 

Larry McVoy	uucp: ...!{uiucuxc, rosevax, meccts, ihnp4!laidbak}!eta!lmcvoy
		arpa: eta!lmcvoy@uxc.cso.uiuc.edu