humtech@ucschu.ucsc.edu (Mark Frost) (02/15/90)
This may be a touchy subject as this is definitely considered to be sensitive information, but here goes.... I'm writing a paper for a graduate class called Advanced Operating Systems. I am interested in writing my final paper for the class on "UNIX security holes". I've read Clifford Stoll's excellent book "The Cuckoo's Egg" as well as Gene Spafford's paper on the network worm of a year or so ago. I've also picked up Clifford Stoll's paper "Stalking the Wiley Hacker" from the CACM (although I've not yet read it) and I'm perusing old issues of comp.risks. I'd like any references or information that people can give me regarding possible "holes" in UNIX's security system. This can be relating to any interpretation of the word "security". I would prefer info relating specifically to BSD, but anything relating to AT&T UNIX would also be appreciated. Also, this information may relate to older versions of these operating systems that may have since been fixed. Absolutely any references or experiences that people have had would be immensely appreciated. I'm not so much interested in "send this stream of bytes to the paging daemon and such and such will happen", but I'm more interested in the security issues such as the lack of buffered input that (as well as other issues) allowed the internet worm to spread itself. If some of the methods/techniques/issues are not too time consuming or destructive I may try some of them out on the UNIX system on which I am a co-system administrator. ***** Please, please, please don't flame me on this. I have had to resort to a net posting as there is not much published material (at least that I can find) on this subject. I am not trying to get this information with the intent to go on any sort of crime spree. I understand asking this is like asking what the best way to break into someone's house is and I realize that many net.readers will be hesitant if not hostile about this request. Please respond via e-mail. Thanx for your time Mark Frost Office of the the Computing Coordinator Humanities Division University of California at Santa Cruz Santa Cruz, California 95064 (408) 459-4603 Internet: humtech@ucschu.UCSC.EDU Bitnet: humtech@ucschu.bitnet Uucp: ...!ucbvax!ucscc!ucschu!humtech