karl@polyof.poly.edu (A1 karl muhlbach (staff) ) (12/12/89)
Dear All: I am a senior at Polytechnic University in Farmingdale N.Y. and I am working on a senior project concerning Unix System Security. The project will consist of a program that will traverse the file system checking for various security flaws and/or actual violations in security. I plan on checking for things like excessive SUID and GUID settings, ln's to user directories etc.. I also heard that there are a great deal of flaws with mail and UUCP. My problem is as follows. I need to gather together as much information as possible of the various areas of the Unix Operating System security flaws. I need this information to decide the areas of concentration that I will embark on. I realize that no one would and/or could tell me the specific flaws that exist, after all you don't know whether I am a "good guy" or "bad guy". Let me assure you all that my intentions are quite honorable and that you will have to take my word as a gentlemen. I would appreciate any information of the various flawed security areas of Unix and/or leads as to where I might find out these things. I have a book called "Unix System Security" by Patrick Wood but that only covers basic minor flaws. I would like to make this program as elaborate as possible. I WOULD APPRECIATE ANY CORRESPONDENCE CONCERNING THIS MATTER TO BE SENT VIA EMAIL TO THE ABOVE ADDRESS SINCE IT WOULD ASSURE ME A QUICKER RETURN AND SINCE I AM NOT ALWAYS ABLE TO CHECK THE NETWORK FOR REPLIES. THANK YOU IN ADVANCE FOR ALL YOUR TIME AND EFFORT IN MY BEHALF. Sincerely, Karl M.