SCO doesn't sell UNIX
David R Morrison
drmorris at athena.mit.edu
Tue Dec 11 10:57:29 AEST 1990
In article <1990Dec08.224008.829 at kithrup.COM> sef at kithrup.COM (Sean Eric Fagan) writes:
> The implementation of C2 that SCO went with *sucks*.
I wrestled with SCO last summer, and what amused me most was that they
went to an extreme to make the machine (kernel/os) secure, and practicly
ignored making a distributed system secure.
Using NFS, by being root on my machine alone, I could access nearly
anyone's files by frobbing my uid. One of my jobs was to set up
printing; their solution to distributed printing (I had a FAX, straight
from support) was along the lines of becoming user 'lp' on the print
server, and doing an rsh to submit the job as 'lp' on the print server.
It wasn't difficult to forge becoming 'lp' there.
This is a C2 secure system?
Dave Morrison
More information about the Comp.unix.sysv386
mailing list