Mysterious security hole

maureen lecuona mal1 at pyuxf.UUCP
Wed Jun 19 04:17:09 AEST 1991


James:

I agree that the "security hole" is the result of poor administrative 
practice, but I disagree that it is a "vendor" problem.  Inasmuch as
one is not buying a "turn key" application when one buys unix, and 
since unix presupposes some administration is being done by the 
purchasing individual or company, I fail to see any justification for
blaming vendors exclusively.
Vendors would be to blame only if the base installed
system came with system directories (/usr/bin, say)
with rw permissions for all.  

But, as you must know, administrators OFTEN create the conditions which
allow security penetration.  After all, they tend to su to root all the
time, and maybe they haven't taken the time to set umask before creating
directories, or installing new products, or making new device nodes, etc... 

In any case, the "security hole" is the result of poor administration,
whether it's a vendor, or a novice administrator, and this does not
make this any less of a problem in my view.... 


M. Lecuona
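
The umask point in the message above, as an added example that is not part of the original post: a directory made with a permissive umask comes out world-writable, and a `find` audit reports it. The function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; all names and paths below are constructed for the demo.

# Succeeds when the current umask strips the world-write bit (e.g. 022, 027).
umask_masks_world_write() {
    [ $(( 0$(umask) & 2 )) -ne 0 ]
}

# Print directories under $1 that are world-writable and lack the sticky bit.
# Sticky-bit directories (the /tmp convention) are the intended exception.
audit_world_writable() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Create directory $2 under umask $1, in a subshell so the caller's
# umask is left unchanged.
mkdir_with_umask() {
    ( umask "$1" && mkdir "$2" )
}

# Build a small tree that mimics an install done with and without a sane umask.
# Prints the root of the tree.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir_with_umask 000 "$root/newproduct"    # umask never set: mode 777
    mkdir_with_umask 022 "$root/safeproduct"   # usual default: mode 755
    mkdir_with_umask 000 "$root/scratch"
    chmod 1777 "$root/scratch"                 # world-writable but sticky
    echo "$root"
}

# Stand-alone run: report the one directory an administrator should fix.
tree=$(demo_tree)
echo "world-writable, no sticky bit:"
audit_world_writable "$tree"
rm -rf "$tree"
```

Pointing `audit_world_writable` at a real system directory such as /usr/bin performs the same check on an installed system; it only reads metadata and changes nothing.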



More information about the Comp.unix.admin mailing list