Firewall Wizards mailing list archives
Trusted Unices Aren't?
From: ark () eltex ru
Date: Fri, 16 Oct 1998 15:51:20 +0400
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, /* First, an "offtopic killer": somebody from SCO suggested using TIS fwtk under SCO CMW+ as very secure firewall solution (fwtk-users () tis com ml) */ It seems that nearly nobody noticed that one of latest vendor-initiated bulletin for CERT (mscreen) listed SCO CMW+, a-claimed-to-be-close-to-B2 upgrade for SCO Unix, in the list of vulnerable systems. Said to be possible root compromise. How can this happen? How can "a serial multiscreen utility", a program that should have nothing like root privileges on an MLS system, be vulnerable _that way_? Does that just mean that at least _some_ "hardened unix" vendors just allow generic "suid root" programs running in this environment, thus completely trashing the whole MLS model? Does that mean that you need, say, VMS, if you need _real_ multilevel security? What about closer look to Trusted Solaris, DG/UX, whatever else exists on this market? _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNiczNqH/mIJW9LeBAQHgzAP/bvVRObO+sVGHPyYI9DBirb/fZbHk+9WM BIxqQEhG+6u5IqPjutlQUaF0TU5LmRvQVRCkzs1YObyB3MkYJRuRaPVqlN7/cv2/ /DzihgmSowWP2GfGzzizbQalmhWnV7wHwpLELYjVxfvVPUzXhfPNWgL1q6i26YS4 0pdev/7hpcs= =KWWA -----END PGP SIGNATURE-----
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)