Morris Tech Report

dmr at alice.UUCP dmr at alice.UUCP
Sat Nov 12 17:10:32 AEST 1988


Those interested in earlier works of Robert T. Morris,
or interested in network security in general, might wish
to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
4.2BSD Unix TCP/IP Software," by Robert T. Morris,
dated Feb. 25, 1985.  An abstract of the abstract:

	... [E]ach 4.2BSD system "trusts" some other set of other
	systems, allowing users logged into trusted systems to
	execute commands via a TCP/IP network without supplying
	a password.  These notes describe how the design of TCP/IP
	and 4.2BSD implementation allow users on untrusted and
	possibly very distant hosts to masquerade as users on
	trusted hosts.  Bell Labs has a growing TCP/IP network
	connecting machines with varying security needs;
	perhaps steps should be taken to reduce their vulnerability
	to each other.

This technical report, as well as others, may be ordered by writing to

	Ellen Stark
	Room 2C579
	AT&T Bell Laboratories
	600 Mountain Ave.
	Murray Hill,
	NJ 07974

These reports are free of charge.

			Dennis Ritchie
			research!dmr
			dmr at research.att.com



More information about the Comp.unix.wizards mailing list