jmcarli@PacBell.COM (Jerry M. Carlin) (05/15/91)
In article <16155@smoke.brl.mil> gwyn@smoke.brl.mil (Doug Gwyn) writes: >I guarantee that there are other security problems on most versions >of UNIX besides the one you've been carrying on about. What makes >that one problem so much more significant than the others? There are also security problems with MVS/RACF. especially if you are not VERY VERY careful setting it up such as SVC's leaving people in supervisor state for example and careless use of "RACF SPECIAL" for another. But more to the point, you've raised a VERY good question. I'd rank significance in 3 levels but would be interested in other's opinions (how's that for having an open mind :-) This ranking assumes I trust people I know more than "strangers" and want to limit access to the system. Obviously such things as "anonymous ftp" are not included but for "production" or "critical" computers, the most important to me is limiting access. The next is to limit access to root and other's IDs. Finally I'd put everthing else in a major category. I'd rank the tty bugs in #2 and #3 since snarfing root's password is possible as well as annoying people by sending trash to their screen. Summary: 1. remote access without knowing id/password. 2. getting access to other ID's especially root. 3. the rest -- Jerry M. Carlin (415) 823-2441 jmcarli@srv.pacbell.com To dream the impossible dream. To fight the unbeatable foe.