SCO Unix security features

Martin Weitzel martin at mwtech.UUCP
Wed Aug 15 22:41:46 AEST 1990


In article <165 at edat.UUCP> root at edat.UUCP (Superuser) writes:
>In article <1990Aug13.143157.12682 at specialix.co.uk> jpp at specialix.co.uk (John Pettitt) writes:
>>Some comments on the C2 debate:
>
>[deleted criticisms]
>
>SCO has stated that a whole new version of the C2 system is being
>released in the next update.  I believe this update is due out
>next week.  In particular the management of C2 is expected to be
>much better.

To throw in another $ 0.02:

Isn't one of the key principles of C2 security the following:

	SECURITY MUST NOT BE ACHIEVED BY OBSCURITY

or in other words: Isn't any C2-secure system obliged to describe
each and any method *how* their (until then only claimed) security
is implemented?

If I'm right with the above, I can not understand the whole discussion
and the many complaints about SCO UNIX security features:

	1) SCO does NOT document how C2 security is achieved.
	2) The ones who complain haven't RTFM.

If 1) is true, SCO shouldn't speak of their "C2-secure-UNIX", but
of their "we-try-but-haven't-quite-managed-to-make-C2-secure-UNIX".

If 2) is true, there's no reason to post any more complaints. (To
those who didn't notice the sarcasm in my article until now: Of
course you should continue to post your complaints, as a C2-secure
system which documents its implementation in such a way that you can
not find easily what you are looking for, may well be considered as
one which tries to achieve security by obscurity and hence is *NOT*
C2.)
-- 
Martin Weitzel, email: martin at mwtech.UUCP, voice: 49-(0)6151-6 56 83


