Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!apple!voder!pyramid!prls!mips!zorba!dtynan
From: dtynan@zorba.Tynan.COM (Dermot Tynan)
Newsgroups: comp.unix
Subject: Re: unix security program
Keywords: unix security
Message-ID: <11962@sunybcs.UUCP>
Date: 20 Mar 89 22:24:20 GMT
References: <4625@mcdchg.UUCP> <7971@mcdchg.UUCP> <10102@mcdchg.UUCP> <10322@mcdchg.UUCP>
Organization: SUNY/Buffalo Computer Science
Lines: 24
Approved: dtynan@zorba.Tynan.COM


In article <10322@mcdchg.UUCP> mouse@Larry.McRCIM.McGill.EDU (der Mouse) writes:
>In article <10102@mcdchg.UUCP>, jona@moss.ATT.COM (Jon M. Allingham) writes:
>> In article <7971@mcdchg.UUCP> usenet@mcdchg.UUCP writes:
>>> The permissions check program requires you to set up a list of
>>> permissions, the ones given are not the most secure, for example:
>>> /bin	555	dr-xr-xr-x
>>> If you want security why let users cd to or ls /bin, better to set
>>> the permissions :
>>> /bin	111	d--x--x--x

	Without read permission find wouldn't work. Not to mention
some shell utilities which would enable you to type the first few characters
of a commend and then complete the commend for you.

>If you want security you don't want UNIX.  If you must have UNIX and
>you want to come as close as you can, there are many other things to
>mess with before worrying about users being able to cd to /bin.  Tell
>me, what are you afraid they'll do once they're there?

	In the most secure system, information about the existance
of certain files is available to the users on a need to know basis.
When one succeeds in breaking into an UNIX system, the knowledge of
where about of system filex can only help.