Tech Insider					     Technology and Trends

			      USENET Archives

Path: utzoo!attcan!uunet!husc6!bloom-beacon!apple!bionet!agate!ucbvax!
From: bos...@OKEEFFE.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.protocols.tcp-ip
Subject: UNIX security
Message-ID: <8811211917.AA15361@okeeffe.Berkeley.EDU>
Date: 21 Nov 88 19:17:29 GMT
Sender: dae...@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 28

There are two points I would like to make regarding recent articles I've
seen on tcp-ip, phage, comp.unix.whatever and several other mailing lists.

The first concerns the widespread belief that "everybody" knew about the
bugs used by the worm.  This is not true.  Rick Adams has been trying to
contact "everybody" for about two weeks and he's come up emptyhanded.  The
number of people that knew about fingerd seems to be less than five, with
a like number knowing about the sendmail debug problem.  Counting whomever
wrote the worm.  Neither Sun nor UC Berkeley knew about the bug.

My second concern is the equally widespread belief that UNIX isn't secure
and that it cannot be made secure; this belief is typified by quotes along
the lines of "I have known about the security holes in Unix for almost ten
years" and "I've got lists of UNIX security problems you wouldn't believe."

UNIX is neither more or less secure than any other general purpose operating
system I'm aware of.  It can be made as secure as you wish -- Gould, Sun,
and AT&T, among others, have done interesting work in this area.

Now, the lists of security problesm, the ten-year-old bug lists, and the fact
that the tiger team from somewhere broke the su command in 1970-something,
that's ancient history.  UNIX is a fairly fast moving target, and we might as
well get used to that.  It's a feature, not a bug.  Ten years ago we were
running Version 7 on PDP 11/34's; I trust that most of the split I/D security
issues have been addressed.

Keith Bostic

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: