Xref: utzoo unix-pc.general:4947 comp.sys.att:8945
Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!cs.utexas.edu!execu!sequoia!attdso!hico2!kak
From: kak@hico2.UUCP (Kris A. Kugel)
Newsgroups: unix-pc.general,comp.sys.att
Subject: Security on the 3B1
Keywords: "Unix System Security" 3b1 7300 unix-pc
Message-ID: <200@hico2.UUCP>
Date: 5 Mar 90 06:05:33 GMT
Followup-To: unix-pc.general,comp.sys.att
Organization: High Country Software
Lines: 31

For the most part, I believe most of the 3b1/7300 owners
out there have fixed the most blatent security holes on
their systems (logins without passwords, and *VERY* serious
permissions holes)

I recently restored my 3B1 from scratch, and typed (by hand)
a security audit shell program from the book, "UNIX SYSTEMS SECURITY".

Given the time and effort it took to type and debug the damn
thing in, it seems to me that I could save some other poor souls
the effort by making some kinda information available.

Now, I can:
1. post the results of the security audit to the world
   (possibly creating awareness of the holes to those
    we would rather stay ignorant, and before the holes can be fixed)
2. post the security auditing program (probably violating copyright)
3. mail the results to anybody who requests them
  (assumes some kinda tracking of who gets it is better than nothing,
   not all that much safer, and a pain in the butt for me)

Seems to me we already had something like this discussion, but I forgot
the concensus opinion (if there was one).
I'm kinda leaning towards #1 myself.  Any opinions?

                               Kris A. Kugel
                              (201) 842-2707
       {uunet,att,rutgers}!westmark            <--daily
{ssbn,zorch,zinn,ditka,daver,attdso}           <--semi-daily
	                    {wldrdg}!hico2!kak <--maybe
	                  {stc-auts}           <--seems dead for 9600