Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site hadron.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!rlgvax!hadron!jsdy
From: jsdy@hadron.UUCP (Joseph S. D. Yao)
Newsgroups: net.followup
Subject: Re: Unix from a snob's point of view!
Message-ID: <47@hadron.UUCP>
Date: Sun, 27-Oct-85 08:21:38 EST
Article-I.D.: hadron.47
Posted: Sun Oct 27 08:21:38 1985
Date-Received: Thu, 31-Oct-85 22:34:29 EST
References: <298@weitek.UUCP> <951@enea.UUCP>
Reply-To: jsdy@hadron.UUCP (Joseph S. D. Yao)
Distribution: net
Organization: Hadron, Inc., Fairfax, VA
Lines: 61
Keywords: valid and invalid criticisms, security

In article <951@enea.UUCP> sommar@enea.UUCP (Erland Sommarskog) writes:
>In article <298@weitek.UUCP> mmm@weitek.UUCP (Mark Thorson) writes:
>>3. Unix security is eggshell-thin. In practice, Unix is usually run about
>>   as securely as other OSes. But it is intrinsically easy to break. ...
>Yes, this is a very severe problem. (Not only for Unix, but most other OS's
>are at least a little safer.

I can't believe that this bald statement has gone this long
unchallenged. Most OS's, such as those put out by certain 3-letter
corporations, are provably impossible to make at all secure in
reasonable time. UNIX, on the other hand, has been chosen as the
base for almost every non-Multics attempt at a provably secure OS.
It has a lot of great security capabilities.

Security, however, is mostly a matter of human behaviour. It doesn't
matter what safeguards I put in the software if I leave the key in
the machine, which is sitting in the hallway, and tape the super-user
password on the console so I can remember what I changed it to ...
five years ago.

How many of you who complain about security enforce password aging?
How many enforce passwords, for goodness' sake? [These are rhetorical
questions, N O T a survey!] How many have changed the wizard password
in sendmail.cf?
How many have even removed Other and Group write permissions from
/etc/passwd and properly use groups to separate users?

I will say this in favour of the original position. Unix was
originally written to be used in a trusted community, so it is
delivered with a lot of protections off. But if people spent 1/10
the time fixing protections and tightening human security policies
that they do complaining about Unix security, they would have little
(if anything) to complain about.

I hereby challenge anybody to hand me a Unix source system, and in a
short time I will have it "reasonably" secure. (There is no such
thing as "absolutely" secure.) You supply a (reasonable) definition
of "reasonable". [E.g., provable and multi-level are not reasonable,
for a vanilla Unix, unless you want to put us on contract.] Even if
you have put holes in the system, as long as you give me the original
tapes (let's be reasonable!) I believe I can do this.

I guess I should puncture my ego trip and say this challenge is
addressed to the ordinary system manager such as those who made the
above complaints. It's not addressed to the many people who are much
cleverer in this area than I am, such as the people at ucla-security,
any of the kernelised secure OS projects, MI#, Ft. Meade, Langley,
Ken or Dennis or Brian or ..., or all those who taught me all I know
but not all they know. But I would be willing to accept even a
reasonable challenge from any of them, on the understanding that I
know they will probably do something I can't find in a "short" time.

I should also put a time limit on this, and accept only serious
offers, because I am not going to spend all the rest of my life
fixing security on Unix systems.
--
	Joe Yao		hadron!jsdy@seismo.{CSS.GOV,ARPA,UUCP}