Mail not delivered yet, still trying
SMTP MAILER
postmaster at sandia.gov
Thu Jun 7 01:13:30 AEST 1990
----Mail status follows----
Have been unable to send your mail to <ckaul%math at cs.sandia.gov>,
will keep trying for a total of three days.
At that time your mail will be returned.
----Transcript of message follows----
Date: 5 Jun 90 05:09:00 MDT
From: info-unix at BRL.MIL
Subject: INFO-UNIX Digest V10#052
To: "ckaul" <ckaul%math at cs.sandia.gov>
Return-Path: <incoming-info-unix-request at sandia.gov>
Received: from SEM.BRL.MIL by sandia.gov with SMTP ;
Tue, 5 Jun 90 04:59:10 MDT
Received: from SEM.BRL.MIL by SEM.BRL.MIL id ab06444; 5 Jun 90 6:06 EDT
Received: from sem.brl.mil by SEM.BRL.MIL id aa06436; 5 Jun 90 5:45 EDT
Date: Tue, 05 Jun 90 05:45:19 EST
From: The Moderator (Mike Muuss) <Info-Unix-Request at BRL.MIL>
To: INFO-UNIX at BRL.MIL
Reply-To: INFO-UNIX at BRL.MIL
Subject: INFO-UNIX Digest V10#052
Message-ID: <9006050545.aa06436 at SEM.BRL.MIL>
INFO-UNIX Digest Tue, 05 Jun 1990 V10#052
Today's Topics:
Re: How secure is UNIX?
Re: SEX! or, how do I mail to a lot of unix users?
Re: REVISED: How do I send e-mail to lots of users at a remote unix site?
Re: Unix for PDP-11/23
Abnormal Cron Behavior -- very strange.
Using RCS and make
Re: Unix for PDP-11/23
Re: How secure is UNIX?
-----------------------------------------------------------------
From: Dan KoGai <dankg at tornado.berkeley.edu>
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Date: 4 Jun 90 10:24:22 GMT
Sender: "USENET Administrator;;;;ZU44" <usenet at agate.berkeley.edu>
To: info-unix at sem.brl.mil
In article <36584 at ucbvax.BERKELEY.EDU> lauther at janus.Berkeley.EDU.UUCP (Ulrich Lauther) writes:
>In article <6368 at amelia.nas.nasa.gov> samlb at pioneer.arc.nasa.gov.UUCP (Sam Bassett RCS) writes:
>>
>> I agree -- the documentation should be more straightforward about
>>the dangers of the .netrc, and for d**n sure, whoever is teaching kids
>
>I just wonder why not the same technique is used with .netrc as with
>/etc/passwd: have the file readable, but sensitive parts encrypted?
I don't think so: I don't think /etc/passwd was a good idea: It's
encrypted. So what? That means you can take time to feed random string to
encryptor, which is available, then find the matching string. Maybe you can
feed it from dict file--people's name makes big candidate for considerably many
people choose their password from thier (boy|girl)friends' or spouses' names.
What I don't understand is that my password is not a kind of string found on
dict but it's still feasible to use "power" rather than "tech" to break
secirity in UNIX.
I admit my .netrc was not a good idea. But still I think it's possible
for that moron to kill at least OCF account: Some others suggested that
some of UNIX has a serious problem in user switching. One of my friends
witnessed that he was accidentally su'd to somebody else.
At very least finger info and passwd file must be saparated.
If possible, it might be a good idea to hard-code secirity part of UNIX, that
is, implement seciryty by hardware than software. On current system encrypted
or not, precious password info is visible. How about ATM card way (I don't
think it's valid idea--How about dialin?)--No one but card knows your password.
there remains the problem in case of loss of cards or "keys" but it's at
very least far more secure than current UNIX implementation of password.
----------------
____ __ __ + Dan The "Raped" Man
||__||__| + E-mail: dankg at ocf.berkeley.edu
____| ______ + Voice: +1 415-549-6111
| |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A
|___ |__|__| +
|____|____ + "What's the biggest U.S. export to Japan?"
\_| | + "Bullshit. It makes the best fertilizer for their rice"
-----------------------------
From: Dan KoGai <dankg at tornado.berkeley.edu>
Subject: Re: SEX! or, how do I mail to a lot of unix users?
Keywords: sex, batchmail
Date: 4 Jun 90 11:41:12 GMT
Sender: "USENET Administrator;;;;ZU44" <usenet at agate.berkeley.edu>
To: info-unix at sem.brl.mil
In article <900531083002.30e0d06c at Csa2.LBL.Gov> thermal%solgel.hepnet at CSA2.LBL.GOV writes:
>I would like to be able to send a mail message to all the users on
>a unix machine. Of course, I could do it the long way, that is,
>do a 'finger' or 'who', thus getting a list of all the users, and
>then sending a mail message to each, one at a time. Is there a
>quicker way? (it seems to me there could be two or three different
>ways, such as setting up a mailing list, or some nifty command that
>will do this on one stroke of the finger). Obviously, I'm not a
>unix guru or wizard, so make your explanation understandable, please.
I advise aginst it: 1st of all it may clog /usr/spool/mail if
you batchmail something big. 2nd of all UNIX offers several other utilities
such as msgs to send messages to unspecific users.
I say so because I'm an ex-con: I did it once and my professor axed
me. It's considered antisocial as long as UNIX has alternate ways. But
batchmail appears anytime before election of student sanate and I'm pissed
to find those damn political campaigns on my already large mail file.
However, since I am not a kind of person trying to secure things
by keeping people ignorant, I'll show you just one example.
This works only when your system uses /etc/passwd, which is a lot
of cases but not necessarily true (most large sites use yp).
On /etc/passwd, each users info is stored in each line, each field
delimited by ':'. Login name appears 1st and that's the only thing you need.
so only thing it takes is:
Dana's prompt > mail `awk -F: '{print $1}' /etc/passwd`
But this is hardly elegant, especially when you have too many accounts:
it may cause your mail header to overflow. To avoid this, you can use
following csh script (Sorry, I'm berkeleynian and not used to sh):
#!/bin/csh -f
#foo
foreach address (`awk -F: '{print $1}' /etc/passwd`)
mail $address < $1
end
And invoke this script by "foo file-to-send". Careful! your
/etc/passwd might contain bogus uses and my example has no fool-proof feature.
to achieve it, just change awk script in there.
If your site uses yp things are completely different but you still
got the idea: The only trick is how to get all user names.
But I repeat: Don't batchmail unless you have to: Use msgs or other
utils. If you have local newsgroups, post there! Mail is supposed to be
for personal uses and I hate direct mails and stuffs.
----------------
____ __ __ + Dan The "ex-con" Man
||__||__| + E-mail: dankg at ocf.berkeley.edu
____| ______ + Voice: +1 415-549-6111
| |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A
|___ |__|__| +
|____|____ + "What's the biggest U.S. export to Japan?"
\_| | + "Bullshit. It makes the best fertilizer for their rice"
-----------------------------
From: Dan KoGai <dankg at tornado.berkeley.edu>
Subject: Re: REVISED: How do I send e-mail to lots of users at a remote unix site?
Date: 4 Jun 90 11:54:07 GMT
Sender: "USENET Administrator;;;;ZU44" <usenet at agate.berkeley.edu>
To: info-unix at sem.brl.mil
In article <900531093335.30e0f102 at Csa2.LBL.Gov> thermal%solgel.hepnet at CSA2.LBL.GOV writes:
>
>I would like to be able to send a mail message to all the users on
>ANOTHER unix machine via Internet. Of course, I could do it the long
>and tedious way, that is, by sending a mail message to each user, one
>at a time. Is there a quicker way? (it seems to me there could be two
>or three different ways, such as setting up a mailing list file on my
>machine which will automatically mail the message to all on the list,
>or sending one message to the remote machine and somehow instruct it
>to distribute the message to all the users). Obviously, I'm not a
>unix guru or wizard, so make your explanation understandable, please.
>
In my last followup, I said "you'd better not do that" and that time
I was assuming you just wanted to batchmail locally. Now you are asking
for doing it remotely.
I say "don't do it!" Batchmail in local site alone is anti-social
enough. Batch-remote mail sounds as guily as a crime: It would end up with
clogging network. One day I posted same article to another newsgroup
(How secure is UNIX?) because I forgot to crosspost and got a dozen mails
criticizing that. My mistake is nothing compared to what you are tring to
do.
And to make matters worse, it could be as easy as the case of local
batchmailing: The only thing you need is list of address and there are
many ways to do that: I don't think you can get remote list unless you have
the remote account and read access to /etc/passwd or yp but still this can
be resolved if you have a friend in remote site and have her/him mail the
list to you.
The only thing we can depend on net traffic is conscience of each users
so far. I can't criticize you because I am not 100% innocent but the fact
remains.
Plus why do you need it? We already have netnews if you need to
broadcast something. Please don't abuse e-mails.
----------------
____ __ __ + Dan The "ex-con" Man
||__||__| + E-mail: dankg at ocf.berkeley.edu
____| ______ + Voice: +1 415-549-6111
| |__|__| + USnail: 1730 Laloma Berkeley, CA 94709 U.S.A
|___ |__|__| +
|____|____ + "What's the biggest U.S. export to Japan?"
\_| | + "Bullshit. It makes the best fertilizer for their rice"
-----------------------------
From: Doug Toppin <toppin at melpar.uucp>
Subject: Re: Unix for PDP-11/23
Date: 4 Jun 90 15:15:14 GMT
Followup-To: poster
To: info-unix at sem.brl.mil
In article <31 at mhinfo.UUCP>, carrato at mhinfo.UUCP ( tony carrato) writes:
> A friend has a PDP-11/23 sitting in a closet at home. We were wondering
We use extensively something called Ultrix-11 on the 11/73. It
is not bad. DEC used to sell it but I believe that they just stopped
supporting it. You might be able to get it for free from them.
Doug Toppin
uunet!melpar!toppin
-----------------------------
From: Meek <kmeek at cti1.uucp>
Subject: Abnormal Cron Behavior -- very strange.
Keywords: cron
Date: 4 Jun 90 18:52:54 GMT
To: info-unix at sem.brl.mil
Our cron seems to be acting a little strange:
When we do a crontab -l it lists all the entries that we have queued up
using the crontab command. But according to the log only some of them are
being executed.
Another strange thing is when we try to restart the cron after it is already
running it comes back with the following message:
! cannot start cron; FIFO exists Wed Dec 31 19:00:09 1969
! ******* CRON ABORTED ******** Wed Dec 31 19:00:09 1969
Notice the date -- 1969! this is definitely not correct and does not
correspond to the system time or the time stamp of the /usr/lib/cron/FIFO
file which looks like this:
prw------- 1 root other 0 Jun 1 14:04 /usr/lib/cron/FIFO
We are running AT&T System V 3.2.2 on a 3B2/600G if that helps.
Please Email any suggestions or ideas to me and I will summarize.
Thanks
Kevin Meek
Comprehensive Technologies Int'l Inc.
2121 Crystal Drive Suite #103
Arlington, VA 22202
uunet!cit1!kmeek OR cti1!kmeek at uunet.uu.net
-----------------------------
From: Michael R Tucker <mrt7455 at evtprp0b>
Subject: Using RCS and make
Keywords: RCS, make, unix, version control
Date: 4 Jun 90 16:37:58 GMT
Sender: mrt7455 at evtprp0b.uucp
Followup-To: comp.lang.c
To: info-unix at sem.brl.mil
I am looking into using RCS for version control of my software
projects. I would like to know how to use RCS and make together. If any
one can help me, I'd sure appreciate it. I would like to see an example
makefile using RCS.
-----------------------------
From: David Taylor <dave at upvax.uucp>
Subject: Re: Unix for PDP-11/23
Date: 4 Jun 90 16:44:42 GMT
Followup-To: comp.sys.dec
To: info-unix at sem.brl.mil
I would also be interested in locating a copy of unix for an 11/23 ,
Especially BSD (I have a license but no code it was lost before
my time when they upgraded one of our systems)
Thanks for any info..
Dave
------------------------------------------------------------------------------
> David Taylor, Senior Systems Operator | My opinions are my own and my boss <
> University of Portland | Likes it that way..................<
> School of Engineering | E-Mail: <
> 5000 N Willamette Blvd. | UUCP: ...!tektronix!upvax!dave <
> Portland Or. 97203-5798 | ph: (503) 283-7309 <
------------------------------------------------------------------------------
-----------------------------
From: Boyd Roberts <boyd at necisa.ho.necisa.oz>
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Date: 5 Jun 90 00:59:39 GMT
ley.edu>
To: info-unix at sem.brl.mil
In article <1990Jun4.102422.12896 at agate.berkeley.edu> dankg at tornado.Berkeley.EDU (Dan KoGai) writes:
>
> I don't think so: I don't think /etc/passwd was a good idea: It's
>encrypted. So what? That means you can take time to feed random string to
>encryptor, which is available, then find the matching string.
>
Dan, my man you seem to have jumped to the conclusion that UNIX isn't
secure because someone broke into your account and blew away your files.
How this was done would appear to be attributable to stupidity, and
not to underlying flaws in UNIX password security.
At this point I'd like to make the distinction between UNIX password security
and the various `security' of IP based networking utilities. With those,
there is _no_ security. I think RTM and various others have proved this
beyond a shadow of a doubt. UNIX password security is secure, provided you
have chosen a reasonable password.
Sure, you can snarf /etc/passwd and try a dictionary attack. But, you have
to get access to the machine first. Without access to the machine it's
near impossible to break. Shadow password files nullify this method of attack,
although I don't like this password file dichotomy.
The bottom line is that password security works. Most systems aren't broken
into. The ones that are broken are usually compromised by some sloppy
(ie. networking) utility or a flawed UNIX port.
So Dan, a piece of advice:
$@$*$H$7$^$((J $@$*(J $@$D$1$F(J!
Boyd Roberts boyd at necisa.ho.necisa.oz.au
``When the going gets wierd, the weird turn pro...''
-----------------------------
End of INFO-UNIX Digest
***********************
More information about the Comp.unix.questions
mailing list