Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!rutgers!att!
ulysses!andante!alice!dmr
From: d...@alice.UUCP
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards,news.sysadmin
Subject: Morris Tech Report
Message-ID: <8419@alice.UUCP>
Date: 12 Nov 88 07:10:32 GMT
Organization: AT&T Bell Laboratories, Murray Hill NJ
Lines: 31

Those interested in earlier works of Robert T. Morris,
or interested in network security in general, might wish
to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
4.2BSD Unix TCP/IP Software," by Robert T. Morris,
dated Feb. 25, 1985.  An abstract of the abstract:

	... [E]ach 4.2BSD system "trusts" some other set of other
	systems, allowing users logged into trusted systems to
	execute commands via a TCP/IP network without supplying
	a password.  These notes describe how the design of TCP/IP
	and 4.2BSD implementation allow users on untrusted and
	possibly very distant hosts to masquerade as users on
	trusted hosts.  Bell Labs has a growing TCP/IP network
	connecting machines with varying security needs;
	perhaps steps should be taken to reduce their vulnerability
	to each other.

This technical report, as well as others, may be ordered by writing to

	Ellen Stark
	Room 2C579
	AT&T Bell Laboratories
	600 Mountain Ave.
	Murray Hill,
	NJ 07974

These reports are free of charge.

			Dennis Ritchie
			research!dmr
			d...@research.att.com