Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!ll-xn!adelie!cdx39!jc From: jc@cdx39.UUCP (John Chambers) Newsgroups: comp.unix.questions Subject: Security mailing list, anyone? Message-ID: <526@cdx39.UUCP> Date: Mon, 15-Dec-86 17:22:59 EST Article-I.D.: cdx39.526 Posted: Mon Dec 15 17:22:59 1986 Date-Received: Wed, 17-Dec-86 05:24:58 EST Organization: Codex Corp, a division of Motorola; Canton, MA, USA Lines: 60 Keywords: security unix Well, I've gotten lots of letters recently in response to my complaints about how hard it is to learn the good stuff about how insecure this system is. It seems that lots of people out there are interested in ways of making/breaking their systems. So far, I haven't gotten any hot leads for the mythical unix-security mailing list (or newsgroup or whatever), so I guess I'll have to take it upon myself... If you would like to partake in a discussion of ways of defending your system from attack, send me an interesting security-related letter, and I'll set up a mailing list. [This is, of course, a thinly-disguised attempt to get all of you to tell me what you know about security.] There was an interesting posting recently in the other direction, from a person who said that none of his users had passwords, and they never had any problems. This is certainly another approach, and it might be interesting to see a discussion of the topic. After all, any sort of security that I've ever seen was rather intrusive, and functioned primarily to interfere with legitimate use of the system. If you want a convenient, productive environment, you probably want to minimize security. Or do you? Can anyone suggest a way of making a computer system reasonably secure from malicious intrusion, while interfering minimally with its legit users? BTW, I personally consider "idiot-proofing" to be a facet of security. I'd be interested in system designs that somehow let me say "rm -r *" when I really mean it, but interfere when I don't mean it. Or, expressed differently, is there a syntax that would make such things easy to type intentionally, but hard to type accidentally? Such a syntax could be of interest to high-security people. A system that audits such commands could do a lot of quite unobtrusive checking and fingering of guilty parties. One useful security approach, after all, is to pretend to be open and inviting, while eliciting sufficient information that you can successfully prosecute intruders later. Such systems have been termed "hacker traps". A shell that pretended to accept series of commands like: cd / rm -r * & exit while not actually doing them could be a good hacker trap. [I hope I'm not too badly inundated by replies. If I am, I may have to farm the job out to some of you. Also, this machine and/or I may go away in a few weeks, and I don't know yet where I may be working next, so be prepared for a fast reorganization of any mailing list.] -- John M Chambers Phone: 617/364-2000x7304 Email: ...{adelie,bu-cs,harvax,inmet,mcsbos,mit-eddie,mot[bos]}!cdx39!{jc,news,root,usenet,uucp} Smail: Codex Corporation; Mailstop C1-30; 20 Cabot Blvd; Mansfield MA 02048-1193 Clever-Saying: For job offers, call (617)484-6393 evenings and weekends.