karl@polyof.poly.edu (A1 karl muhlbach (staff) ) (12/13/89)
Dear All: I am a senior at Polytechnic University in Farmingdale N.Y. and I am working on a senior project concerning Unix System Security. The project will consist of a program that will traverse the file system checking for various security flaws and/or actual violations in security. I plan on checking for things like excessive SUID and GUID settings, ln's to user directories etc.. I also heard that there are a great deal of flaws with mail and UUCP. My problem is as follows. I need to gather together as much information as possible of the various areas of the Unix Operating System security flaws. I need this information to decide the areas of concentration that I will embark on. I realize that no one would and/or could tell me the specific flaws that exist, after all you don't know whether I am a "good guy" or "bad guy". Let me assure you all that my intentions are quite honorable and that you will have to take my word as a gentlemen. I would appreciate any information of the various flawed security areas of Unix and/or leads as to where I might find out these things. I have a book called "Unix System Security" by Patrick Wood but that only covers basic minor flaws. I would like to make this program as elaborate as possible. I WOULD APPRECIATE ANY CORRESPONDENCE CONCERNING THIS MATTER TO BE SENT VIA EMAIL TO THE ABOVE ADDRESS SINCE IT WOULD ASSURE ME A QUICKER RETURN AND SINCE I AM NOT ALWAYS ABLE TO CHECK THE NETWORK FOR REPLIES. THANK YOU IN ADVANCE FOR ALL YOUR TIME AND EFFORT IN MY BEHALF. Sincerely, Karl M.
root@dialog.UUCP (Christian Motz) (12/15/89)
In article <1989Dec12.151734.15908@polyof.poly.edu> karl@polyof.poly.edu (A1 karl muhlbach (staff) ) writes: > > My problem is as follows. I need to gather together as >much information as possible of the various areas of the Unix >Operating System security flaws. First Of All: Nice Try, If this is an attempt to dig up sensitive Information. No system administrator in his right mind would give out anything like that in public. Second, there is an excellent book about the topic, written by Patrick H. Wood and Stephen G. Kochan titled "UNIX System Security", by Hayden Books, ISBN 0-8104-6267-2 ... -- Christian Motz uucp: ...!uunet!mcsun!unido!nadia!dialog!root "Trust me, I know what I'm doing!" -- Sledge Hammer Bix: cmotz