Unix security additions

John F Haugh II jfh at rpp386.cactus.org
Mon Mar 11 02:11:18 AEST 1991


In article <565 at rufus.UUCP> drake at drake.almaden.ibm.com writes:
>I don't know about "unix" in general ... looking at AIX V3 in particular,
>I suspect they are:

Regrettably most of what you mention here was done first either by
someone else, or done a long time ago.  Worse, most of the vendors
involved in activities you describe below can't agree how to do
it in the first place.

>o  Access Control Lists (ACLs) on individual files.

Multics comes to mind ...

>o  Getting the passwords where they can't be publicly read

This was done for AIX v2, but has also been done with SVR3.2 and
BSD.  No one has solved certain problems with transparency - that
is, making shadowed passwords look and feel like old-style
publicly readable passwords.  This means all the programs that
used to think pw_passwd was valid are wrong ;-(.  Making matters
worse, AT&T, BSD, and IBM all fail to converge on a single
mechanism (and AT&T fails to agree on a single file format for
their various releases).  So you have a non-standard,
non-transparent feature ...

>o  Telling me when I log on when the last time I logged on was,
>   and how many times someone has tried to log onto my account
>   with an invalid password since I last logged on.

This has been a VAX/VMS feature for quite a while, and has been
available in public domain UNIX login systems for several years.
One neat thing IBM has added is event auditing so password
failures can be monitored and handled in real time.  On the bad
side, they don't use syslog(), so BSD people are left out cold.

>o  Eliminating setuid shell scripts

IBM has yet to actually do this, although BSD has recommended you
don't use the feature and AT&T has allegedly fixed the holes and put
them back.  It is still possible in AIX v3 to exploit the same old
security holes in setuid shell scripts that existed years ago in
BSD setuid shell scripts.

The next four security features to be added will be doing the above
four correctly and in a manner which the entire industry can agree
upon.  There is nothing worse than a feature that is useless because
it acts in different ways on different platforms.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
                -- Robert Hartman, IDE Corp.
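
[Added example, not from the post above and not IBM's, AT&T's or BSD's
code.  It illustrates the transparency problem John describes: on a
shadowed system the passwd(5) password field carries a placeholder
rather than a hash, so any program that hands pw_passwd straight to
crypt() rejects every user, and a program that treats an empty field as
"no password" can do worse.  The shim spots the placeholder, fetches the
real hash from shadow(5) with getspnam(3), and fails closed when it
cannot.  The placeholder set, the locked-prefix convention and the
function names are assumptions following SVR4/Linux practice; the
getspnam() fallback only works as root, which is the point of shadowing.]

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <pwd.h>
#include <shadow.h>

/* Placeholders a shadowed passwd(5) entry may carry instead of a hash.
 * Assumed set: "x" is the SVR4/Linux convention, the rest show up as
 * "hash is elsewhere" or "no login" on other systems. */
static const char *const shadow_markers[] = { "x", "*", "!", "*NP*", NULL };

/* 1 if the field is a placeholder rather than a real hash. */
int pw_field_is_shadow_marker(const char *field)
{
    if (field == NULL)
        return 1;
    for (const char *const *m = shadow_markers; *m != NULL; ++m)
        if (strcmp(field, *m) == 0)
            return 1;
    return 0;
}

/* 1 if the field marks a locked account: tools disable an account by
 * writing '!' or '*' in front of the real hash (assumed convention). */
int field_is_locked(const char *field)
{
    return field == NULL || field[0] == '!' || field[0] == '*';
}

/* Decide which string a crypt()-based check may compare against.
 * pw_field: pw_passwd from getpwnam(3).  sp_field: sp_pwdp from
 * getspnam(3), or NULL when shadow(5) was unreadable or had no entry.
 * Returns NULL when no usable hash exists; the caller must then refuse
 * the login rather than compare against "x" or accept an empty field. */
const char *usable_hash(const char *pw_field, const char *sp_field)
{
    if (pw_field != NULL && pw_field[0] != '\0'
        && !pw_field_is_shadow_marker(pw_field) && !field_is_locked(pw_field))
        return pw_field;                /* old style: hash lives in passwd(5) */
    if (sp_field != NULL && sp_field[0] != '\0'
        && !pw_field_is_shadow_marker(sp_field) && !field_is_locked(sp_field))
        return sp_field;                /* shadowed: hash lives in shadow(5) */
    return NULL;                        /* locked, absent, or unreadable */
}

/* Transparent-lookup shim: copy the usable hash for `user` into buf.
 * Returns 0 on success, -1 with errno set when the user is unknown or no
 * usable hash is available.  An unprivileged caller gets NULL back from
 * getspnam(), which collapses to -1 rather than to an accidental match. */
int lookup_password_hash(const char *user, char *buf, size_t buflen)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        errno = ENOENT;
        return -1;
    }
    const char *sp_field = NULL;
    if (pw_field_is_shadow_marker(pw->pw_passwd)) {
        struct spwd *sp = getspnam(user);   /* NULL/EACCES for non-root */
        if (sp != NULL)
            sp_field = sp->sp_pwdp;
    }
    const char *hash = usable_hash(pw->pw_passwd, sp_field);
    if (hash == NULL) {
        errno = EACCES;
        return -1;
    }
    if (strlen(hash) >= buflen) {
        errno = ERANGE;
        return -1;
    }
    strcpy(buf, hash);
    return 0;
}

int main(int argc, char **argv)
{
    char hash[256];
    const char *user = argc > 1 ? argv[1] : "root";
    if (lookup_password_hash(user, hash, sizeof hash) != 0) {
        perror(user);
        return 1;
    }
    /* A real login would now compare crypt(candidate, hash) against hash. */
    printf("%s: usable hash field begins %.4s...\n", user, hash);
    return 0;
}
```

Run it as root with a user name to see the shadow(5) hash prefix, and as
an ordinary user to see it refuse rather than hand "x" to crypt(); the
point is that the decision about where the hash lives is made in one
place instead of in every program that reads pw_passwd.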