new password idea

Doug Gwyn gwyn at smoke.brl.mil
Sat Apr 27 07:18:20 AEST 1991


In article <1991Apr26.171549.10502 at escom.com>, al at escom.com (Al Donaldson) writes:
> After a small number of tries (less than 10), it made me root.

Then there was the (Sixth Edition?) bug which would allow one to log in as
the superuser merely by typing 100 zeroes at the password prompt.  (Lack
of a buffer overflow check.)

I must by now have seen around a hundred distinct security loopholes in
various UNIX implementations.  I don't conclude that UNIX has more
problems in this regard than do other operating systems, however; I have
much more experience with UNIX security, and whenever I've looked for
ways to break into other operating systems I've found them.

I don't know what the solution to this category of problem is.  None of
the proposed security methodologies strikes me as quite right.



More information about the Comp.unix.wizards mailing list