The Security of UNIX

[alt%aids-unix at sri-unix.UUCP]

From:  Howard Alt <alt at aids-unix>

There are important things reguarding the security of UNIX that
need to be discussed.  To make the discussions more valuable, it
is necessary for many people to contribute thier ideas and thoughts
on the matter.  I agree that Unix-Wizards might not be the place for
such a discussion to take place, but we need to find some way to include
people in discussions, and not have "undesireables" reading the list.
I am the system programmer at this site, and I am very interested in
the problems that others have had with security so I can take steps
to keep my system secure.  I can imagine that a few bugs still exist
in my system, and I would like to take care of them.  It seems that
people who break into computers have a great advantage in that they
feel free to talk to others about how they did it, whereas in our
case, we can't talk about problems that we have had with security for
fear of giving the wrong person more info.  Clearly, this problem is
not an easy one to solve.  What is required is a form of communication
that has a controlled audience.  I purpose that we set up the following:
an alias at each site that the system administrator has set up.
One copy (and only one) would go out to each site, and system
administrator would be responsible for keeping people off the list
who shouldn't see it.  We must assume that people who are given
root password are people that can be trusted.  This is not the most
secure system in the world, but I can't think of much more that could
be done.  Of course, some sort of verification of the "Please add this
site" must be done, but I don't see this as a problem.  Perhaps a name
like Unix-Security would be appropriate.  Of course, this should be
limited to System managers, and System programmers.  
Well, any comments/flames/whatever should go to the list for
further discussion.
		Howard.