Path: sparky!uunet!cis.ohio-state.edu!ucbvax!PYR.SWAN.AC.UK!iiitac
From: iii...@PYR.SWAN.AC.UK (Alan Cox)
Newsgroups: alt.security
Subject: Xenix
Message-ID: <3569.9209300913@pyr.swan.ac.uk>
Date: 30 Sep 92 09:13:56 GMT
Sender: dae...@ucbvax.BERKELEY.EDU
Lines: 24


Xenix isn't exactly secure either. There are standard tools floating
around the dos/unix world which just scan hard disks for sectors
beginning 
root:
print them out and ask if you want to kill the root password. I've used
it several times before now to break into Xenix286 and other machines
that people have discarded or lost the passwords (normally after its
been in the cupboard for 9 months and they decide to sell it...)

Quite literally if you can't physically lock the machine away you don't
have a chance of making a machine secure. What you can do is make
the machine unusable without the security (encrypted disks for example),
and make it unable to use your network properly(kerberos). 

I'd be happy to be proved wrong, but while someone can pull the plug or
unplug the ethernet and plug in a pc running soss to fake its fileserver
feed it a setuid root shell and then switch to the real network or 
a million other variants, what can you do /

----------------------------
Before you hug any wolves - remember little red riding hood

Hail Eric!