Symbolic Links VS. Security

Robert Elz kre at mulga.OZ
Tue Nov 13 16:12:00 AEST 1984


| > As a person isolated from the US, I can only wonder why the UNIX
| > tools (and system) implementors don't take more care with security.
| > ...  Once an implementor
| > thinks about such things ...
| > ... then programs could be made *without* these recurring bugs.
| 
| Thinking before coding is something the Berklix authors didn't do very
| consistently.  This is not to say that USG/USDL/whatever-it-is-this-week
| is any better; most of *those* people can't think at all.
| -- 
| 				Henry Spencer @ U of Toronto Zoology
| 				{allegra,ihnp4,linus,decvax}!utzoo!henry

4.2 must be the most widely pre-discussed, and pre-publicised
system of all time - just think back 18 months ago, (or so)
look at all the news "x is going to be in 4.2"....
(Then go back, way back another 2 years, to when it all started)

There was plenty of thought about those issues that were issues.

Security, though, was not a major issue - when you get a 4.2
system, you get the system that Berkeley prepared for ARPA.
There were certain goals, tight security was (to the best of
my knowledge) never one of them.  If you don't like that,
then run something else.

Basically, Berkeley (and I suspect Bell) have environments where
the users are expected to be, and are, considerate of the system.
Security on those systems is a method to protect against accidents,
not against invasions.  That has the advantage, that breaking into
such a system provides no glory at all - it's simply tedious, stupid,
and anti-social.  (So intelligent people don't bother trying)

Robert Elz					decvax!mulga!kre

ps: Henry - How do you manage to find a job where you get time
	to post all that news ??   :-)


