lmc@denelcor.uucp (12/09/84)
I am a system administrator on a system where security is a rather important
consideration. As in many other companies, our system is used by company
management for e-mail, planning, and other functions which involve company
proprietary and sensitive data. In recent net postings it has been noted
that "those in the know" have provided themselves with such protection as
exists for the known loopholes. That information, concerning the bugs and
design flaws in Unix that lead to security problems, seeps, if at all, via
word of mouth, and doesn't often reach those who could benefit from it (and
I don't mean the crackers).
In a reasonable universe the needed information would appear here in either
net.unix.wizards or net.bugs.*. It has been pointed out, however, that
spreading it around the net would benefit the baddies more than help the
goodies. Since mailing lists seem to be the rage now, I would like to propose
a mailing list for sa's that would discuss security issues in Unix. I would
offer my services to moderate the list. I imagine that only root addressees
would be on the list, in order to control the distribution somewhat (yes,
I know that mail is not secure - maybe that's an issue that could be attacked
early on).
How say you? Mail replies to me and I'll see what happens. I need this in
order to do my job; there have to be others out there in the same boat.
--
Lyle McElhaney
{hao, stcvax, brl-bmd, nbires, csu-cs} !denelcor!lmcschnable@ihuxf.UUCP (Andrew T. Schnable) (12/11/84)
There is a very good article in the latest BLTJ on UNIX security. UNIX Operating System Security, F. T. Grampp, R. H. Morris, Oct. 1984 AT&T Bell Laboratories Technical Journal, Vol. 63, No. 8, Part 2. andy ihuxf!schnable