[Previous] [Next] [Index]
[Thread]
Re: GSS API (as a DLL)...
In article <199408211718.NAA04793@rock.cis.ufl.edu>,
Bradley C. Spatz <bcs@cis.ufl.edu> wrote:
>+-- hallam@dxal18.cern.ch, writes:
>|
>| Re UNIX being as full of holes as the cheese is over here.... Yep I think
>| we all know that.
>
> "If ... it seems easier to subvert UNIX systems than most other
> systems, the impression is a false one. The subversion techniques
> are the same. It is just that it is often easier to write, install,
> and use programs on UNIX systems than on most other systems, and that
> is why the UNIX system was designed in the first place."
> -- Frederick T. Grampp & Robert H. Morris
This is hardly the place to launch into a security of UNIX flamewar, but
I do want to point out that this statement is pure bullshit. A trivial
example: /etc/passwd on most UNIX systems still displays the encrypted
passwords. On reasonable OSs (like VMS), this data is protected, so
one can not as easy make dictionary attacks. Having this data available
in no way increases the ease of "writing, installing and using" program
under UNIX, unless it's cracking software.
Yes, some unices are now protecting this info in /etc/shadow: this is
an admission of the point.
(I'll avoid launching into flame about the setuid root bug in the design
of most older UNIX kernels that allows anyone to get root from a setuid
shell script. There are gobs more. UNIX is, in fact, "as full of holes
as swiss cheese," apologists or no.)
--
L. Todd Masco | "Large prime numbers imply arrest." - Previously meaningless
cactus@bb.com | grammatically correct sentence. Now...
References: