Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site hadron.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!rlgvax!hadron!jsdy
From: jsdy@hadron.UUCP (Joseph S. D. Yao)
Newsgroups: net.followup
Subject: Re: Unix from a snob's point of view!
Message-ID: <47@hadron.UUCP>
Date: Sun, 27-Oct-85 08:21:38 EST
Article-I.D.: hadron.47
Posted: Sun Oct 27 08:21:38 1985
Date-Received: Thu, 31-Oct-85 22:34:29 EST
References: <298@weitek.UUCP> <951@enea.UUCP>
Reply-To: jsdy@hadron.UUCP (Joseph S. D. Yao)
Distribution: net
Organization: Hadron, Inc., Fairfax, VA
Lines: 61
Keywords: valid and invalid criticisms, security

In article <951@enea.UUCP> sommar@enea.UUCP (Erland Sommarskog) writes:
>In article <298@weitek.UUCP> mmm@weitek.UUCP (Mark Thorson) writes:
>>3.  Unix security is eggshell-thin.  In practice, Unix is usually run about
>>    as securely as other OSes.  But it is intrinsically easy to break.  ...
>Yes, this is a very severe problem. (Not only for Unix, but most other OS's
>are at least a little safer.

I can't believe that this bald statement has gone this long
unchallenged.  Most OS's, such as those put out by certain
3-letter corporations, are provably impossible to make at
all secure in reasonable time.  UNIX, on the other hand, has
been chosen as the base for almost every non-Multics attempt
at a provably secure OS.  It has a lot of great security
capabilities.

Security, however, is mostly a matter of human behaviour.  It
doesn't matter what safeguards I put in the software if I leave
the key in the machine, which is sitting in the hallway, and
tape the super-user password on the console so I can remember
what I changed it to ... five years ago.

How many of you who complain about security enforce password
aging?  How many enforce passwords, for goodness' sake?  [These
are rhetorical questions,  N O T  a survey!]  How many have
changed the wizard password in sendmail.cf?  How many have even
removed Other and Group write permissions from /etc/passwd and
properly use groups to separate users?

I will say this in favour of the original position.  Unix was
originally written to be used in a trusted community, so it is
delivered with a lot of protections off.  But if people spent
1/10 the time fixing protections and tightening human security
policies that they do complaining about Unix security, they
would have little (if anything) to complain about.

I hereby challenge anybody to hand me a Unix source system, and
in a short time I will have it "reasonably" secure.  (There is
no such thing as "absolutely" secure.)  You supply a (reasonable)
definition of "reasonable".  [E.g., provable and multi-level are
not reasonable, for a vanilla Unix, unless you want to put us on
contract.]  Even if you have put holes in the system, as long as
you give me the original tapes (let's be reasonable!) I believe
I can do this.

I guess I should puncture my ego trip and say this challenge is
addressed to the ordinary system manager such as those who made
the above complaints.  It's not addressed to the many people
who are much cleverer in this area than I am, such as the people
at ucla-security, any of the kernelised secure OS projects, MI#,
Ft. Meade, Langley, Ken or Dennis or Brian or ..., or all those
who taught me all I know but not all they know.  But I would be
willing to accept even a reasonable challenge from any of them,
on the understanding that I know they will probably do something
I can't find in a "short" time.

I should also put a time limit on this, and accept only serious
offers, because I am not going to spend all the rest of my life
fixing security on Unix systems.
-- 

	Joe Yao		hadron!jsdy@seismo.{CSS.GOV,ARPA,UUCP}
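
Added example, not part of the original post: a small audit of the checks the post asks about (accounts without passwords, missing password aging, and Group/Other write permission on the password file). It assumes the classic 7-field passwd format with the hash in the second field and the System V convention of a comma-suffixed aging code after the hash; the function names and the sample entries are constructed for illustration.

```python
import os
import stat

# Constructed sample in the classic 7-field passwd format (not from the post).
SAMPLE_PASSWD = """\
root:Ab1xYz9QwErTy,2.:0:0:Super User:/:/bin/sh
guest::100:100:Guest:/usr/guest:/bin/sh
alice:Cd2kLm8NoPqRs:101:20:Alice:/usr/alice:/bin/csh
daemon:*:1:1::/:
"""

def audit_entries(text):
    """Return (login, finding) pairs for the contents of one passwd file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        login, pw = fields[0], fields[1]
        if pw == "":
            findings.append((login, "no password"))
        elif pw in ("*", "x") or pw.startswith("!"):
            continue  # locked account, or hash kept in a separate file
        elif "," not in pw:
            # Assumed convention: aging data follows the hash after a comma.
            findings.append((login, "no password aging"))
    return findings

def writable_by_group_or_other(path):
    """True if the file's mode grants write to Group or Other."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_file(path):
    """Audit one passwd-format file: permission finding first, then entries."""
    with open(path) as fh:
        findings = audit_entries(fh.read())
    if writable_by_group_or_other(path):
        findings.insert(0, (path, "writable by group or other"))
    return findings

if __name__ == "__main__":
    for who, what in audit_file("/etc/passwd"):
        print(f"{who}: {what}")
```

On a system that keeps hashes in a separate shadow file, the password field holds a placeholder and only the permission check and the empty-password check are meaningful.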