Bugtraq mailing list archives

Re: UnixWare

From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Tue, 26 Apr 1994 17:34:09 -0500

In general, its safer to plan a system to be as inherently secure as
possible rather than trying to chase the bugs as they arise.

If you eliminate suid programs, access to dangerous devices, and the
capacity to leave programs around for you the administrator to execute
(i.e. trojan horses), you've gone a long way towards making your
system inherently secure. Almost all defects in the security of public
access sites lie in one of these things, or in an obvious hole like
bad file permissions.

Perry


I have everything secured as far as that goes.  I have set all permissions,
regulated suid files, I have tcpwrapper and tripwire running, I also run a
slightly modified COPS weekly, mailing any diff to me.  

Basically, I was curious as to true bugs in UnixWare, I.E. any cert
advisories or stuff discussed on bugtraq which are still around.  If
someone uses a program which I believe is secure to gain access, then I'm
not doing my job well enough.  Sometime this week I am going to run a whole
bunch of tests, testing all the certs I know how to exploit, 8lgms, etc....

cc

Current thread:

Re: UnixWare Carl Corey (Apr 26)
- Re: UnixWare Perry E. Metzger (Apr 27)
  - Re: UnixWare Michael Neuman (Apr 27)
    - Re: UnixWare Gene Spafford (Apr 27)
    - Re: UnixWare a.e.mossberg (Apr 28)
    - Re: UnixWare Gene Spafford (Apr 28)
    - Re: UnixWare David A. Curry (Apr 28)
    - HP's security stance (was Re: UnixWare) Bennett Todd (Apr 28)
    - Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
    - Re: UnixWare Christopher Klaus (Apr 28)
    - Re: UnixWare Gene Spafford (Apr 28)

(Thread continues...)