davy@sparkyfs.istc.sri.com (David Curry) (10/29/90)
Archive-name: sri-security-doc/27-Oct-90
Original-posting-by: davy@sparkyfs.istc.sri.com (David Curry)
Original-subject: Re: crontab for ordinary users
Archive-site: ftp.erg.sri.com [128.18.4.39]
Archive-directory: /pub
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

In article <4073@goanna.cs.rmit.oz.au> msf@wren.cs.rmit.OZ.AU (Michael Fuller) writes:
>
>p.s. Security papers would do a much better job of trying to beat things
>into people if they were widely distributed and publicised.

Well, a while back I wrote "Improving the Security of Your UNIX System".
It is widely distributed and has been widely publicized. (The paper
itself was posted to comp.doc; the notice was sent to SUN-SPOTS, RISKS,
CERT-TOOLS; it has been mentioned in SunExpert, ACM SIGCOMM, and a few
data security newsletters.)

Don't put all the blame on us author-types. We can only post stuff in so
many places. You need to make an effort to get onto the security lists,
newsgroups, and so on too.

--Dave Curry

--------------------------------

Last update: October 23, 1990

The SRI International white paper, "Improving the Security of Your UNIX
System," may be obtained via the following methods:

1. ANONYMOUS FTP

   The document is available via anonymous FTP from the following hosts:

   (West Coast)
        Host: FTP.ERG.SRI.COM
        Addr: 128.18.4.39
        File: pub/security-doc.tar.Z

   (West Coast)
        Host: GATEKEEPER.DEC.COM
        Addr: 16.1.0.2
        File: pub/doc/sri-security-doc.tar.Z

   (East Coast)
        Host: UUNET.UU.NET
        Addr: 192.48.96.2
        File: doc/security-doc.tar.Z

   (Midwest)
        Host: TUT.CIS.OHIO-STATE.EDU
        Addr: 128.146.8.60
        File: pub/security/security-doc.tar.Z

   (Southwest)
        Host: TITAN.RICE.EDU
        Addr: 128.42.1.30
        File: sun-source/secdoc.shar.z.uu (uuencoded)

   (MILNET)
        Host: WSMR-SIMTEL20.ARMY.MIL
        Addr: 26.2.0.74
        File: pd2:<unix-c.info>security-doc.tar-z

   (Australia)
        Host: tasis.utas.oz.au
        Addr: 131.217.20.1
        File: pub/security-doc.tar.Z

   (Australia)
        Host: ftp.adelaide.edu.au
        Addr: 129.127.40.3
        File: pub/misc/security-doc.tar.Z

   (Canada)
        Host: cs.toronto.edu
        Addr: 128.100.1.65
        File: doc/security-doc.tar.Z

   (Europe)
        Host: mcsun.eu.net
        Addr: 192.16.202.1
        File: documents/security-doc.tar.Z

   (Scandinavia)
        Host: funic.funet.fi
        Addr: 128.214.6.100
        File: pub/doc/security/security-doc.tar.Z

   Transfer the file in "binary" mode from all the hosts, except use
   "tenex" mode from SIMTEL-20. After you get the file, execute the
   commands:

        % uncompress security-doc.tar.Z
        % tar xf security-doc.tar
        % cd security-doc

   And now consult the README file.

   Note: if you get the file from TITAN.RICE.EDU, instead use the
   commands:

        % uudecode secdoc.shar.z.uu
        % uncompress secdoc.shar.Z
        % sh secdoc.shar
        % cd security-doc

2. UUCP

   UUNET subscribers can obtain the document via UUCP from UUNET using a
   command of the form

        uucp uunet!~/doc/security-doc.tar.Z destination-filename

   U.S. sites which do not subscribe to UUNET may still access the
   document by calling the 1-900-GOT-SRCS (468-7727) and logging in as
   "uucp" with no password. All modems connected to the 900 number are
   Telebit T2500 modems supporting PEP, V.32 (9600), V.22bis (2400),
   Bell 212a (1200), and Bell 103 (300).
   Use an L.sys line such as:

        uunet Any ACU 19200 1-900-468-7727 in:--in:--in: uucp

   NOTE: The telephone company will charge you US$0.40/minute for this
   service. There is no charge directly from UUNET. At PEP or V.32
   speeds, the document will cost approximately $2.00 in connect time
   (175 kbytes).

   -----

   You can obtain the file via "anonymous" UUCP from Ohio State
   University by placing the following line in your L.sys file:

        #
        # Direct Trailblazer
        #
        osu-cis Any ACU 19200 1-614-292-5112 in:--in:--in: Uanon
        #
        # Micom port selector, at 1200, 2400, or 9600 bps.
        # Replace ##'s below with 12, 24, or 96 (both speed and phone number).
        #
        osu-cis Any ACU ##00 1-614-292-31## "" \r\c Name? osu-cis nected \c GO \d\r\d\r\d\r in:--in:--in: Uanon

   and then issue the command

        uucp osu-cis!~/security/security-doc.tar.Z destination-filename

   -----

   The document is also obtainable via anonymous uucp access from
   "sir-alan" which supports 19.2K bps PEP (814 337 3159) and 9600 USR
   HST/V.32 connections (814 337 0348; send one BREAK after CONNECT
   9600). Login is "pdsrc", no password.

   Systems/L.sys entries:

        sir-alan Any ACU 19200 18143373159 ogin:--ogin:--ogin: pdsrc
        sir-alan Any ACU 9600 18143370348 ogin:-BREAK-ogin:-BREAK-ogin: pdsrc

   uucp command:

        uucp sir-alan!/u/pubdir/UNIX/security.tar.Z destination-filename

   For help, get "sir-alan!/u/pubdir/HELP".

3. BITNET

   BITNET users may obtain the document via the European TRICKLE servers
   from the UNIX-SW archives. To do this, use the TELL command as
   follows:

        TELL TRICKLE AT SOMEHOST /PDGET <UNIX-C.INFO>SECURITY-DOC.TAR-Z

   where SOMEHOST is one of:

        DKTC11      Denmark
        TREARN      Turkey
        IMIPOLI     Italy
        BANUFS11    Belgium
        AWIWUW11    Austria
        DB0FUB11    Germany
        EB0UB011    Spain

   There are no TRICKLE hosts in the U.S.; the Europeans are graciously
   allowing U.S. BITNET users to access their machines. Please be kind
   to them. Sorry, but the LISTSERV machines at RPIECS and NDSUVM do not
   provide access to the UNIX-SW repository.

   The file will arrive in BITSEND, NETDATA format.
   You should use the BITRCV command from RDRList to get the file. (I
   have no idea what this means -- go find an IBM guru if you don't know
   either.) This will be a BINARY file. You won't be able to do much of
   anything with it on an IBM system. Instead, transfer it to a UNIX
   system, and then uncompress it and extract the tar file, and then
   format things. See above under "FTP" for how to do this.

   NOTE: the connection from the TRICKLEs to SIMTEL-20 has been lousy of
   late. You may wish to try sending

        /PDGET FUNIC.FUNET.FI:disk1/pub/doc/security/security-doc.tar.Z

   to LISTSERV@FINTUVM.BITNET instead.

4. ELECTRONIC MAIL

   The document may also be obtained from the SUN-SPOTS archive server
   located on host TITAN.RICE.EDU. In order to request the document,
   send a note with the words

        send sun-source secdoc.shar.z.uu

   to "archive-server@titan.rice.edu" (uunet!rice!archive-server).

   -----

   The document may be obtained in the United Kingdom from the cam.cl
   info-server in the "sources transient" directory. Send the message

        request sources; topic transient security-doc.tar.Z

   to "info-server@uk.ac.cam.cl". Contact pb@uk.ac.cam.cl for more info.

   -----

   If you are an EUnet site, contact your national backbone site. Many
   of them have set up an info server which you can use, but details
   differ from country to country.

5. DECNET

   DECNET users can obtain the file by copying

        DECWRL::"/pub/doc/sri-security-doc.tar.Z"

   by using the COPY command, or whatever.

6. ACSnet (Australia)

   Use "fetchfile" from the host sirius.ua.oz to get the file
   "misc/security-doc.tar.Z".

7. USENET

   An "nroff" version of the paper was posted to the USENET newsgroup
   "comp.doc" on May 7, 1990. Article id: <13498@ucsd.Edu>