Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!henry From: henry@utzoo.UUCP (Henry Spencer) Newsgroups: net.unix-wizards,net.rumor Subject: Re: Unix (In)Security Message-ID: <4714@utzoo.UUCP> Date: Sat, 1-Dec-84 23:46:30 EST Article-I.D.: utzoo.4714 Posted: Sat Dec 1 23:46:30 1984 Date-Received: Sat, 1-Dec-84 23:46:30 EST References: <141@sask.UUCP> Organization: U of Toronto Zoology Lines: 17 > Another comment made by the speaker was that there have been 5 attempts > at generating secure Unix kernels. All attempts have not been successful > and 4 have been aborted. ... This simply reflects Unix's status as the preferred operating system to try to re-implement, if you are trying to re-implement something. *Most* (all?) secure-kernel projects have been failures. Many of them have been based on Unix. So it's hardly suprising that the number sounds impressive. Yes, there are security holes in Unix, as distributed. By and large, they are curable once you know they are there. It helps if the underlying system is reasonably stable, so you get a chance to find and fix the bugs; security bugs in 4.2BSD are hardly suprising, since so much of the kernel was not thoroughly tested at release time. -- Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,linus,decvax}!utzoo!henry