Looking for info on UNIX security holes...

Mark Frost humtech at ucschu.ucsc.edu
Thu Feb 15 08:51:28 AEST 1990 

This may be a touchy subject as this is definitely considered to be
sensitive information, but here goes....

I'm writing a paper for a graduate class called Advanced Operating Systems.
I am interested in writing my final paper for the class on "UNIX
security holes". I've read Clifford Stoll's excellent book "The Cuckoo's
Egg" as well as Gene Spafford's paper on the network worm of a year or
so ago. I've also picked up Clifford Stoll's paper "Stalking the Wiley
Hacker" from the CACM (although I've not yet read it) and I'm perusing
old issues of comp.risks.

I'd like any references or information that people can give me regarding
possible "holes" in UNIX's security system. This can be relating to any
interpretation of the word "security". I would prefer info relating 
specifically to BSD, but anything relating to AT&T UNIX would also
be appreciated. Also, this information may relate to older versions of
these operating systems that may have since been fixed. Absolutely any
references or experiences that people have had would be immensely
appreciated. I'm not so much interested in "send this stream of bytes to
the paging daemon and such and such will happen", but I'm more interested
in the security issues such as the lack of buffered input that (as well as
other issues) allowed the internet worm to spread itself.

If some of the methods/techniques/issues are not too time consuming or
destructive I may try some of them out on the UNIX system on which I am
a co-system administrator.

*****
Please, please, please don't flame me on this. I have had to resort to a net
posting as there is not much published material (at least that I can find) on
this subject. I am not trying to get this information with the intent
to go on any sort of crime spree. I understand asking this is like asking
what the best way to break into someone's house is and I realize that
many net.readers will be hesitant if not hostile about this request.

Please respond via e-mail.

Thanx for your time

Mark Frost
	Office of the the Computing Coordinator
	Humanities Division
	University of California at Santa Cruz
	Santa Cruz, California 95064
	(408) 459-4603
Internet: humtech at ucschu.UCSC.EDU
Bitnet: humtech at ucschu.bitnet
Uucp: ...!ucbvax!ucscc!ucschu!humtech

More information about the Comp.unix.wizards mailing list