jsq@ZOTZ.CS.UTEXAS.EDU (09/29/86)
Let's remember that if system people are forced to type super-user passwords across a network in clear text, that's just as bad a security problem as the permission file setup being complained about. (Though I suppose the cracker is more likely to need physical access to the local network.) Also, the way the crackers got into system people's accounts in this instance was through tricking badly written privileged programs into executing out of directories with *public* write permission, without which the question of whether system people should be able to write into program directories without typing passwords would have been moot. I.e., the really bad security problem in a network of 4BSD machines is privileged programs that don't constrain their search paths and arguments.
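An added example, not part of the original post: a C check that a privileged program could run before executing anything by name, rejecting search-path entries that are relative or writable by others. The function names, the `/bin:/usr/bin` path, and the stricter rule that also rejects group-writable directories are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Reason codes for one search-path entry (names are this example's own). */
enum { PATH_OK, PATH_RELATIVE, PATH_MISSING, PATH_NOT_DIR, PATH_WRITABLE };

/* Classify one directory. Only the directory itself is examined, not its
 * ancestors. "" and "." both mean "current directory" and are rejected. */
int check_path_entry(const char *dir) {
    struct stat st;
    if (dir[0] != '/') return PATH_RELATIVE;
    if (stat(dir, &st) != 0) return PATH_MISSING;
    if (!S_ISDIR(st.st_mode)) return PATH_NOT_DIR;
    /* Public write is the case in the post; group write is an added rule. */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return PATH_WRITABLE;
    return PATH_OK;
}

/* Count unsafe entries in a colon-separated search path. */
int count_unsafe_entries(const char *path) {
    int bad = 0;
    for (const char *p = path;;) {
        size_t n = strcspn(p, ":");
        char entry[1024];
        if (n >= sizeof entry) {
            bad++;                          /* too long to check: reject */
        } else {
            memcpy(entry, p, n);
            entry[n] = '\0';
            bad += check_path_entry(entry) != PATH_OK;
        }
        if (p[n] == '\0') return bad;
        p += n + 1;
    }
}

/* Replace the inherited PATH with a fixed one, but only if every entry
 * passes the check. Returns 0 on success, -1 if the path was refused. */
int constrain_search_path(const char *fixed) {
    if (count_unsafe_entries(fixed) != 0) return -1;
    return setenv("PATH", fixed, 1);
}

int main(void) {
    const char *p = getenv("PATH");
    printf("unsafe entries in inherited PATH: %d\n", p ? count_unsafe_entries(p) : 0);
    return constrain_search_path("/bin:/usr/bin") == 0 ? 0 : 1; /* assumed fixed path */
}
```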