dmr@alice.UUCP (11/12/88)
Those interested in earlier works of Robert T. Morris, or interested in network security in general, might wish to read AT&T Bell Laboratories CSTR #117, "A Weakness in the 4.2BSD Unix TCP/IP Software," by Robert T. Morris, dated Feb. 25, 1985.

An abstract of the abstract:

    ... [E]ach 4.2BSD system "trusts" some other set of other systems, allowing users logged into trusted systems to execute commands via a TCP/IP network without supplying a password. These notes describe how the design of TCP/IP and 4.2BSD implementation allow users on untrusted and possibly very distant hosts to masquerade as users on trusted hosts. Bell Labs has a growing TCP/IP network connecting machines with varying security needs; perhaps steps should be taken to reduce their vulnerability to each other.

This technical report, as well as others, may be ordered by writing to

    Ellen Stark
    Room 2C579
    AT&T Bell Laboratories
    600 Mountain Ave.
    Murray Hill, NJ 07974

These reports are free of charge.

Dennis Ritchie
research!dmr
dmr@research.att.com