SECURITY BUG IN INTERACTIVE UNIX SYSV386
Bill England
wengland at stephsf.stephsf.com
Fri Feb 15 10:41:32 AEST 1991
In article <1854 at chinacat.Unicom.COM> chip at chinacat.Unicom.COM (Chip Rosenthal) writes:
>
[...]
>fixing logfile permissions. If UNIX is broken, no amount of C2 cruft is
>going to fix it.
True. Presumeably when you purchase the rights to use SecureWare's
tools they give you a _test_suite_ of ice-breaking software that tests
for security bugs on your system. It would be bad advertising indeed
to certify a system C2 and then have this bug unvieled. :-)
As for the Uucp I believe that having strict C2 requires NOT using
UUCP and disallowing ftp. I'm not sure if TCP/IP would be
considered a C2 security violation and even running an xterm may
be a problem.
--
+- Bill England, wengland at stephsf.COM -----------------------------------+
| * * H -> He +24Mev |
| * * * ... Oooo, we're having so much fun making itty bitty suns * |
|__ * * ___________________________________________________________________|
More information about the Comp.unix.sysv386
mailing list