Bugtraq mailing list archives

Re: UnixWare

From: perry () snark imsi com (Perry E. Metzger)
Date: Wed, 27 Apr 1994 07:23:49 -0400


Carl Corey says:

If you eliminate suid programs, access to dangerous devices, and the
capacity to leave programs around for you the administrator to execute
(i.e. trojan horses), you've gone a long way towards making your
system inherently secure. Almost all defects in the security of public
access sites lie in one of these things, or in an obvious hole like
bad file permissions.


I have everything secured as far as that goes.  I have set all permissions,
regulated suid files, I have tcpwrapper and tripwire running, I also run a
slightly modified COPS weekly, mailing any diff to me.


This is NOT what I meant. I explicitly mean that you should go beyond
simply leaving the machine as shipped and should actively remove
existing SUID facilities to the extent possible and change all
persistant system processes to run unprivileged if at all possible. I
do not merely mean "regulating" SUID facilities. I really mean
actively yanking them out and replacing them with non-SUID facilities.
I also mean eliminating openings like world writable utmp files,
devices, etc.

If you do enough of that, you make your system inherently secure.

Perry

Current thread:

Re: UnixWare Carl Corey (Apr 26)
- Re: UnixWare Perry E. Metzger (Apr 27)
  - Re: UnixWare Michael Neuman (Apr 27)
    - Re: UnixWare Gene Spafford (Apr 27)
    - Re: UnixWare a.e.mossberg (Apr 28)
    - Re: UnixWare Gene Spafford (Apr 28)
    - Re: UnixWare David A. Curry (Apr 28)
    - HP's security stance (was Re: UnixWare) Bennett Todd (Apr 28)
    - Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
    - Re: UnixWare Christopher Klaus (Apr 28)
    - Re: UnixWare Gene Spafford (Apr 28)
- <Possible follow-ups>
- Re: UnixWare Carl Corey (Apr 27)

(Thread continues...)