Unix security additions

John F Haugh II jfh at rpp386.cactus.org
Fri Apr 19 00:00:34 AEST 1991 

In article <6783 at awdprime.UUCP> Tony Sanders <sanders at cactus.org> writes:
>What if the backup/restore utilities on the "secure" system used an
>encryption scheme before writting to tape (like dump|crypt|dd of=/dev/mt,
>assuming each dump will fit on a single tape).  Then tapes written
>on the "secure" system could only be read back by the corresponding
>restore utility on that system.  You must of course secure the
>new backup/restore utilities from them but that's just SOP.

This is a very common scam for secure backups and secure (trusted)
software distribution.  The data is encrypted on the tape.  If it
comes off correctly, you have the data that was put on there.  You
can then check the data for validity by seeing if the checksums on
the files match the cryptographic checksums you were supplied with.
If everything matches, odds are, you have the right tape and the
right stuff on the tape.  This is all a gross oversimplification and
much handwaving is required to finish it off.

>Restoring the information on an insecure system would be useless,
>you have to have the password to use it.

Correct.

>I am not an IBM representative, I speak only for myself.

This actually has been discussed at IBM and other secure UNIX
vendors.  Perhaps you should contact the Security department for
more details if you are still interested.

>I have a wonderful proof that emacs is better than vi,
>   unfortunately this .sig is too small to contain it.

ObReligiousWar:

Both editors are fully programmable.  It is possible to write
"vi" in "emacs" and "emacs" in "vi".  Therefore neither is better
than the other, and the winner is the one with the smallest
executable size.  Therefore "vi" wins.o

It is, of course, predictable that a proof of vi's superiority
would be smaller than a proof of emac's ;-)
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."

More information about the Comp.unix.internals mailing list