Path: utzoo!attcan!uunet!husc6!uwvax!tank!nic.MR.NET!shamash!nis!ems!amdahl!pacbell!ptsfa!jmc
From: jmc@ptsfa.PacBell.COM (Jerry Carlin)
Newsgroups: news.sysadmin
Subject: Re: The virus (worm, whatever) -- long
Message-ID: <4584@ptsfa.PacBell.COM>
Date: 11 Nov 88 23:41:15 GMT
References: <1050@cps3xx.UUCP> <783@mailrus.cc.umich.edu>
Reply-To: jmc@ptsfa.PacBell.COM (Jerry Carlin)
Organization: Pacific * Bell, San Ramon, CA
Lines: 31

In article <783@mailrus.cc.umich.edu> honey@citi.umich.edu (peter honeyman) writes:
>please elaborate on your assertion that "unix has some fundamental security
>problems."

I did not start this, but I can't leave the opportunity alone :-)

The ORANGE book has some fundamental security problems. (For the color
blind, the orange book is the DOD requirements for secure operating systems).

It ignores such minor things as database managers and networks. If a DBMS
resides in one file or partition, the walls the operating system builds 
are irrelevant.

Network insecurity is obvious. The 'red' book is an attempt to address it
but we are far from seeing a solution. Kerberos is a good start.

Moral: ALL computers and networks in the 'real' world have fundamental 
theoretical security problems. 

For those who still aren't convinced, read about the IBM mainframe (RACF)
problem that lead to space shuttle code being diddled when it should not
have,  LU6.2 with NO built in security, VAX/VMS bugs a few months ago etc.
(comp.risks) etc.

"We all live in a yellow submarine..."

PS: What is the 'misc.security' newsgroup for? :-)

-- 
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.