Unix network security (was "CERT Internet Security Advisory")
Mike Haertel
mike at thor.acc.stolaf.edu
Fri Aug 18 16:40:06 AEST 1989
In article <3942 at phri.UUCP> roy at phri.UUCP (Roy Smith) writes:
>In <1064 at accuvax.nwu.edu> phil at delta.eecs.nwu.edu (William LeFebvre) writes:
>> When /bin/login knows it is processing a remote login, why can't it
>> check the hostname against a list of "allowed" hosts?
>
> [ . . . ]
>
> Actually, I can find one problem with William's suggestion. Just
>like people tend to pick poor passwords, I suspect many people would put
>"*" in their .netaccess files, effectively defeating the whole idea.
If many people would put "*" in their hypothetical .netaccess files
(and I am certainly among those who would) then attempting to restrict
network logins in such a way is not a good idea to begin with. Clearly,
systems should be designed to facilitate people's preferred ways of
working. It is better to have to occasionally find and deal with a bad
guy than to cripple everyone just on the offhand chance that a bad guy
might cause trouble.
--
Mike Haertel <mike at stolaf.edu>
``There's nothing remarkable about it. All one has to do is hit the right
keys at the right time and the instrument plays itself.'' -- J. S. Bach