PDreyer@HI-MULTICS.ARPA (Phil Dreyer) (06/23/87)
In reference to: It has so many holes in it they should send it back to the drawing board. VAX/VMS started out without to much concern if any for security enhancements. As time progressed and security became an issue dec has been trying to bend and twist a square peg into a round hole. They'll get it through but it's taking a heck of a lot to do it. Every release and point release that they have that fixes bugs there is no real security enhancements over what they have had for a long time. And the security that they had to begin with is not that great. I see holes, not just in bugs but in what they offer to begin with. Take a look at their security manual once. To do a secure environment for a user they suggest that you set up a COM file, and if you look at it there is a big blank spot where it should check for command validity. That they leave for your imagination. Their file protections are something too, until a recent release they did not have acls at all just "protections" for files. Even now when using acl's they advise, "Do not place acls on everything. If you set up too many defaults, you will end up with acls on all of your files. This is not normally necessary even at medium-level security sites. If all users compound this error, performance penalties may appear on the system." Talk about discouraging security. To say it is not normally necessary even at medium-level security sites shows their ignorance. On our Multics system there are acls on EVERYTHING and there is no problems on the order of "performance penalties" and in fact acls are manditory and encouraged for users. When talking about security in the "security" manual for vax, they take a whole chapter and talk about passwords, then talk about acls on the VAX. These seem to be their biggest security "features" although I hestiate to call them that. In todays computer world they are a necessity. These are the holes of which I spoke. In trying to fit a square peg into a round hole they should go back to square one and start over. It might even produce a more secure product.