Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!mit-eddi!mit-vax!eagle!harpo!seismo!hao!hplabs!sri-unix!alt@aids-unix
From: alt%aids-unix@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: The Security of UNIX
Message-ID: <2293@sri-arpa.UUCP>
Date: Fri, 17-Jun-83 20:24:00 EDT
Article-I.D.: sri-arpa.2293
Posted: Fri Jun 17 20:24:00 1983
Date-Received: Sun, 19-Jun-83 17:27:59 EDT
Lines: 31

From: Howard Alt

There are important things regarding the security of UNIX that need to be discussed. To make the discussions more valuable, it is necessary for many people to contribute their ideas and thoughts on the matter. I agree that Unix-Wizards might not be the place for such a discussion to take place, but we need to find some way to include people in discussions, and not have "undesirables" reading the list.

I am the system programmer at this site, and I am very interested in the problems that others have had with security so I can take steps to keep my system secure. I can imagine that a few bugs still exist in my system, and I would like to take care of them. It seems that people who break into computers have a great advantage in that they feel free to talk to others about how they did it, whereas in our case, we can't talk about problems that we have had with security for fear of giving the wrong person more info.

Clearly, this problem is not an easy one to solve. What is required is a form of communication that has a controlled audience. I propose that we set up the following: an alias at each site that the system administrator has set up. One copy (and only one) would go out to each site, and the system administrator would be responsible for keeping people off the list who shouldn't see it. We must assume that people who are given the root password are people that can be trusted. This is not the most secure system in the world, but I can't think of much more that could be done.

Of course, some sort of verification of the "Please add this site" must be done, but I don't see this as a problem. Perhaps a name like Unix-Security would be appropriate. Of course, this should be limited to system managers and system programmers.

Well, any comments/flames/whatever should go to the list for further discussion.

Howard.