- Newsgroups: comp.sys.next.sysadmin
- Path: sparky!uunet!usc!sdd.hp.com!ux1.cso.uiuc.edu!lemson
- From: lemson@ux1.cso.uiuc.edu (David Lemson)
- Subject: Re: Are 3.0 daemons stable and secure?
- Message-ID: <Bs8Jzq.1pF@ux1.cso.uiuc.edu>
- Organization: University of Illinois at Urbana
- References: <Bs8EJ6.Cs6@ux1.cso.uiuc.edu>
- Date: Fri, 31 Jul 1992 04:18:48 GMT
- Lines: 39
-
- jeffo@ux1.cso.uiuc.edu (J.B. Nicholson-Owens) writes:
-
- >And while I'm asking this, does 3.0 come with the changes that they
- >say are 'secure' versus 2.1 insecure features (the things I'm speaking
- >of are listed in the SysAdmin manual)? Why, if these things are
- >known, would NeXT choose to ship insecure machines?
- There are good reasons that standalone machines would want to be set
- up the way that NeXT ships them. You could go through each thing
- that is mentioned in the infamous Chapter 16 and find a reason that
- it is shipped that way. By the way, if you read Chapter 16, it
- always tells why one would want the insecure behavior.
- A few (I'm basically quoting out of the manual):
- Why is / 1777 ? Plenty of people like to make directories off of
- their root without having to become root to do this. Maybe they
- 'shouldn't', but it isn't that big of a deal when you are the only
- one who uses this machine.
- Why is PrintManager setuid root? So you can delete print jobs,
- regardless of who created them.
- Why is Preferences setuid root? So that you can change the time
- without having to log in as root, which people shouldn't be doing
- all the time anyway.
- Why isn't trusted_networks already set? It would be impossible for
- them to know which networks I want to trust!
- etc...
-
- There are some things that a system administrator has to do.
- No system ships their system completely impenetrable... Sun still
- ships machines with a '+' in the /etc/hosts.equiv. (I wonder
- whether they will still do so with Solaris 2.0, if it ever comes
- out...)
- The fact that NeXT documents these 'holes' sure is nice. The other
- holes that are fairly important have been issued through CERT
- advisories and NeXT has remedied them (rdist, for example...which
- hit almost every BSD system anywhere).
- --
- David Lemson (217) 244-1205
- University of Illinois NeXT Campus Consultant / CCSO NeXT Lab System Admin
- Internet : lemson@uiuc.edu UUCP :...!uiucuxc!uiucux1!lemson
- NeXTMail accepted BITNET : LEMSON@UIUCVMD
-
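An audit for three of the shipped defaults discussed in the post (a world-writable `/`, setuid-root applications, and a `+` in `/etc/hosts.equiv`), added here as an example; it is not part of the original post or of NeXT's documentation. The function names, the directories searched for setuid files and the default paths in the `__main__` block are assumptions to adapt to the system being checked.

```python
import os
import stat
import sys

def check_world_writable(path):
    """Report a directory anyone can write to, such as / shipped mode 1777."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode & stat.S_IWOTH:
        return []
    sticky = "sticky bit set" if mode & stat.S_ISVTX else "no sticky bit"
    return [f"{path}: world-writable, mode {mode:04o} ({sticky})"]

def find_setuid(top, owner_uid=0):
    """List regular files under top that are setuid and owned by owner_uid."""
    hits = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(full)
    return sorted(hits)

def check_hosts_equiv(path):
    """Report a bare '+' entry, which extends trust to every host."""
    try:
        with open(path) as fh:
            lines = fh.readlines()
    except OSError:
        return []  # file absent or unreadable: nothing to report
    return [f"{path}:{n}: '+' entry trusts all hosts"
            for n, line in enumerate(lines, 1)
            if line.split()[:1] == ["+"]]

def audit(root, setuid_dirs, hosts_equiv, owner_uid=0):
    """Run all three checks and return one list of findings."""
    findings = check_world_writable(root)
    for d in setuid_dirs:
        findings += [f"{p}: setuid, owner uid {owner_uid}"
                     for p in find_setuid(d, owner_uid)]
    return findings + check_hosts_equiv(hosts_equiv)

if __name__ == "__main__":
    # Assumed paths; pass the directories that hold your applications instead.
    dirs = sys.argv[1:] or ["/usr/bin"]
    for finding in audit("/", dirs, "/etc/hosts.equiv"):
        print(finding)
```

Each finding is a default to review against how the machine is used, not an automatic fault: the post's point is that a single-user standalone machine may want some of them.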