jrc@SNOW-WHITE.LANL.GOV (James R. Clifford) (03/07/91)
What measures have been taken to protect MIT's Kerberos software source? We are investigating using Kerberos for our network authentication system. For some clients and servers, building the code from the MIT source is the only available/timely alternative. On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy. Bulletin board software is where you go to pick up a virus, worm, Trojan horse, and other nast ies they say. What assurances are there that the software that we ftp remains unchanged from what the authors released? That there are no "wizard" passwords? No debugging trap doors Thanks, Jim Clifford
jrc@SNOW-WHITE.LANL.GOV (James R. Clifford) (03/08/91)
What measures have been taken to protect MIT's Kerberos software source? We are investigating using Kerberos for our network authentication system. For some clients and servers, building the code from the MIT source is the only available/timely alternative. On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy. "Bulletin boards are where you go to pick up viruses, Trojan horses, and other nasty social di seases", they say. What assurances are there that the software that we ftp remains unchanged from what the authors released? That there are no "wizard" passwords? No debugging back doors? Are vendor releases of Kerberos likely to be any better? Thanks, Jim Clifford
tytso@ATHENA.MIT.EDU (Theodore Ts'o) (03/08/91)
From: jrc@snow-white.Lanl.GOV (James R. Clifford) What measures have been taken to protect MIT's Kerberos software source? We are investigating using Kerberos for our network authentication system. For some clients and servers, building the code from the MIT source is the only available/timely alternative. On the other hand, there are those who contend basing a large part of the campus security on software obtained from an electronic bulletin board is crazy. "Bulletin boards are where you go to pick up viruses, Trojan horses, and other nasty social diseases", they say. I tend to make a distinction between "eletronic bulletin boards" and FTP sites. You can obtain kerberos by ftp'ing to ATHENA-DIST.MIT.EDU (IP address 18.71.0.38). Only certain Project Athena staff members have access to that machine; only authorized software releases go there. In contrast, I tend to think of "eletronic bulletin boards" privately run systems which you access by modem; where the average age of users is under 21; and where random people deposit software to which is picked up by other users who use that software at their own risk. I do, however, find it touching that you are only concerned that "what you ftp" is unchanged from "what the authors released". Allow me to ask this question: Why are you so convinced that software will be free of "back doors" and "wizard passwords" just because it came from MIT Project Athena? After all, other software packages have come released from equally prestigious institutions with "wizard passwords". We encourage people to at least look over the source code of what they FTP over; and if they want to, they're perfectly welcome to perform a security audit over the code. In this respect, vendor release of Kerberos are likely to be worse, since you don't get the source code, and so you have to take the vendor's word that there are no back doors. I, personally, would rather take a look at the source code myself, and assure myself that a piece of security-related is code is free of holes, accidental or otherwise. - Ted
pato@APOLLO.COM (Joe Pato) (03/09/91)
security audit over the code. In this respect, vendor release of Kerberos are likely to be worse, since you don't get the source code, and so you have to take the vendor's word that there are no back doors. I, personally, would rather take a look at the source code myself, and assure myself that a piece of security-related is code is free of holes, accidental or otherwise. It may be true that a vendor does not release the source code to Kerberos - but then again the vendor probably also does not release the source code to the OS or to the login program or any other component of the trusted computing base. -- Joe Pato Cooperative Computing Division Hewlett-Packard Company pato@apollo.hp.com -------
tytso@ATHENA.MIT.EDU (Theodore Ts'o) (03/09/91)
From: pato@apollo.com (Joe Pato) Date: Fri, 8 Mar 91 11:40:30 EST It may be true that a vendor does not release the source code to Kerberos - but then again the vendor probably also does not release the source code to the OS or to the login program or any other component of the trusted computing base. True; but then again, one of the reasons why I asked for a VS 3100 on my desk instead of a Decstation is that we run BSD 4.3 on Vax architectures, and we run Ultrix 3.1 on the Decstations. I currently have sources to what I run, and I consider this to be a huge win. I would assert that in a perfect world, everyone should have the option of perusing the TCB if they so choose. - Ted