How to stop future viruses.
John F. Haugh II
jfh at rpp386.Dallas.TX.US
Thu Nov 10 13:30:07 AEST 1988
In article <2178 at cuuxb.ATT.COM> dlm at cuuxb.UUCP (Dennis L. Mumaugh) writes:
|In article <16722 at agate.BERKELEY.EDU> greg at math.Berkeley.EDU (Greg) writes:
| Now that we've killed all copies of the Internet virus and
| fixed sendmail and fingerd, it's time to thinking about
| stopping future viruses.
|
| Here is some of what needs to be done
|
|1. Protect the password file.
|
| On most Unix systems that I've seen, /etc/passwd is publicly
| readable. There is no reason for this. It's amusing to
| have encrypted passwords that anyone can look at, but it's
| also a security hole.
|
|This problem was announced in 1976 and fixed in most secure
|systems [I did it for NSA]. ATT has shadow (hidden) passwords
|in System V Relase 3.2. Other vendors: go thou and do likewise.
|The ONLY problem, applications programs can't use password
|validation for authentication then. Of course a Yellow Pages RPC
|call could be used:
I began working on a login replacement Friday. It is virtually
complete and only needs minor tweaking. It has most of the features
of the better logins - subsystem logins, console-only root logins,
environmental variables set from login: response, etc.
I will be posting the code to alt.sources and pubnet.sources some
time tonight to solicit comments and suggestions.
Unfortunately, I also need a su(1) and passwd(1) replacement. I
think I need some other stuff as well, but I don't remember ...
The resulting code will be public domain and freely reproducible
without any restrictions.
--
John F. Haugh II +----Make believe quote of the week----
VoiceNet: (214) 250-3311 Data: -6272 | Nancy Reagan on Artifical Trish:
InterNet: jfh at rpp386.Dallas.TX.US | "Just say `No, Honey'"
UucpNet : <backbone>!killer!rpp386!jfh +--------------------------------------
More information about the Comp.unix.wizards
mailing list