Bugtraq mailing list archives

Re: UnixWare

From: perry () snark imsi com (Perry E. Metzger)
Date: Tue, 26 Apr 1994 07:40:51 -0400


Carl Corey says:

I am currently in the position of allowing public access to a 486 running
UnixWare.  Does anyone have a list of bugs that affect it?  The system will
be accessable via dialup _and_ tcp ... If anyone has information regarding
what bugs it has, and what version they are fixed in (or patch IDs, etc)
... please e-mail me or post to the list.  Thanks.


In general, its safer to plan a system to be as inherently secure as
possible rather than trying to chase the bugs as they arise.

If you eliminate suid programs, access to dangerous devices, and the
capacity to leave programs around for you the administrator to execute
(i.e. trojan horses), you've gone a long way towards making your
system inherently secure. Almost all defects in the security of public
access sites lie in one of these things, or in an obvious hole like
bad file permissions.

Perry

Current thread:

Re: CERT Advisory - wuarchive ftpd Trojan Horse Alastair Young (Apr 06)
- Re: CERT Advisory - wuarchive ftpd Trojan Horse Bonfield James (Apr 11)
- <Possible follow-ups>
- Re: CERT Advisory - wuarchive ftpd Trojan Horse Pat Myrto (Apr 19)
  - Re: IETF Dave Fetrow (Apr 19)
    - Re: IETF Brad Passwaters (Apr 19)
    - Summary of NFS Quest Responses Pat Myrto (Apr 20)
    - UnixWare Carl Corey (Apr 25)
    - Re: UnixWare Perry E. Metzger (Apr 26)
    - Re: UnixWare Marc W. Mengel (Apr 26)