C2 and Networking <was: SECURITY BUG IN INTERACTIVE UNIX SYSV386>
Rob Healey
rhealey at digibd.com
Fri Feb 22 09:23:49 AEST 1991
In article <249 at raysnec.UUCP> shwake at raysnec.UUCP (Ray Shwake) writes:
>wengland at stephsf.stephsf.com (Bill England) writes:
>> As for the Uucp I believe that having strict C2 requires NOT using
>> UUCP and disallowing ftp. I'm not sure if TCP/IP would be
>> considered a C2 security violation and even running an xterm may
>> be a problem.
>
>I don't think this is true, at least in the case of UUCP. What, after all,
>is the difference between a uucp login and a user login? Both operate under
>the various discretionary access controls, audits, etc. associated with
>C2. FTP may be another story however.
>
If I remember my original purusing of the manuals, ANY form of
networking on the machine invalidates C2 specifications...
Either UUCP or TCP would disqualify the system as C2. Did SCO
ACTUALLY have this system checked and validated for C2 by the
feds? Or are they pulling a SUN and only saying it COULD be C2?
-Rob
More information about the Comp.unix.sysv386
mailing list