Slaying Gould dragon with a wooden

John Chambers jc at cdx39.UUCP
Sat Dec 6 03:24:01 AEST 1986


Not to change the subject or anything, but I've been
hearing rumors for some time of a security mailing
list that is supposed to exist somewhere.  I've been
interested in system security for some time, both out
of personal interest and because I am an administrator
for a bunch of machines and consultant to others with
machines where there are security interests.

Now, I've done my share of breaking and entering, mostly
on my own machines to learn how others might do it to me,
and also on others to illustrate to their owners how you
might do it to them.  But I don't consider myself a real
security expert.  When I try to learn more, I usually
find that everything printed is the easy stuff that I
already know about.  The more sophisticated stuff I can't
learn about, because, well, it is too sensitive to let
just anyone know about it...

As a result, we have a situation where system administrators
don't learn how people can break into their systems, while
there is a small population around that knows much more than
you or I do about the subject.

Is there any way that someone not already working for the
NSA or CIA or DOD or whoever can really learn the good stuff
about system security?  

The Gould discussion illustrates a good point.  It is obvious,
given a little thought, that a super-user shouldn't have '.'
early in the search path.  I sort of suspect that it shouldn't
be there at all, but I haven't yet figured out the proof.  Until
I read these articles, it simply hadn't occurred to me that this
was a security problem.  (Well, it was obvious that '.' shouldn't
be first in $PATH; I can claim at least that much intelligence. :-)

I'll add this to my list of things to tell security-conscious
administrators about.  Where can I get a comprehensive list of
all the other security holes known to Unix wizards?


-- 
	John M Chambers			Phone: 617/364-2000x7304
Email: ...{adelie,bu-cs,harvax,inmet,mcsbos,mit-eddie,mot[bos]}!cdx39!{jc,news,root,usenet,uucp}
Smail: Codex Corporation; Mailstop C1-30; 20 Cabot Blvd; Mansfield MA 02048-1193
Clever-Saying: For job offers, call (617)484-6393 evenings and weekends.
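The point about '.' in the super-user's search path can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh function that reports every search-path entry the shell resolves against the current directory. It goes slightly beyond the post by also flagging empty entries (a leading, trailing or doubled colon, which the shell treats as '.') and other relative entries. The function name `audit_path` and the sample path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_path PATHSTRING
#   Prints one line per unsafe entry as "position:kind:entry".
#   Returns 0 if every entry is an absolute directory, 1 otherwise.
audit_path() {
    pos=0
    bad=0
    # Append a sentinel colon so a trailing empty entry is still seen.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # text after the first colon
        pos=$((pos + 1))
        case $entry in
            '')   kind=empty ;;     # "::", leading or trailing ":" means "."
            .|./) kind=dot ;;       # explicit current directory
            /*)   continue ;;       # absolute entry: not cwd-dependent
            *)    kind=relative ;;  # e.g. "bin", also resolved against cwd
        esac
        printf '%s:%s:%s\n' "$pos" "$kind" "$entry"
        bad=1
    done
    return $bad
}

# Constructed sample value, not taken from any real system.
SAMPLE_PATH='/usr/local/bin:.:/bin::bin:/usr/bin:'

if audit_path "$SAMPLE_PATH"; then
    echo "search path is clean"
else
    echo "search path contains entries that depend on the current directory"
fi
```

To audit a real account, call `audit_path "$PATH"` from root's own login shell, since the value differs per user and per startup file.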


