Subject: Morris Tech Report
Date: 12 Nov 88 07:10:32 GMT
Organization: AT&T Bell Laboratories, Murray Hill NJ
Those interested in earlier works of Robert T. Morris,
or interested in network security in general, might wish
to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
4.2BSD Unix TCP/IP Software," by Robert T. Morris,
dated Feb. 25, 1985. An abstract of the abstract:
... [E]ach 4.2BSD system "trusts" some other set of other
systems, allowing users logged into trusted systems to
execute commands via a TCP/IP network without supplying
a password. These notes describe how the design of TCP/IP
and 4.2BSD implementation allow users on untrusted and
possibly very distant hosts to masquerade as users on
trusted hosts. Bell Labs has a growing TCP/IP network
connecting machines with varying security needs;
perhaps steps should be taken to reduce their vulnerability
to each other.
This technical report, as well as others, may be ordered by writing to
AT&T Bell Laboratories
600 Mountain Ave.
These reports are free of charge.