tty security problems under SunOS 4.1 and SunOS 4.1.1

Fri May 17 01:21:32 AEST 1991

In article <7491:May1502:05:3291 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <16155 at smoke.brl.mil> gwyn at smoke.brl.mil (Doug Gwyn) writes:
>> In article <25239:May1416:21:3591 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>> >In the long term: SunOS is still insecure, and a sufficiently dedicated
>> >cracker can and will be able to get past tty security no matter how many
>> >other holes you close. It is inexcusable for Sun to leave this open.
>> Why?  Has Sun made any promises about absolute security of SunOS?
>> For example, are they claiming B2 certification for it?
>
>Well, they do have an option which, they claim, provides C2 security.
>But I was thinking more on ethical grounds.

I understand that Sun does have a Federal Systems Division, or whatever
they call their spook work, and supposedly are in evaluation, or done
or whatnot on a trusted system.  I've always assumed that when Dan
complains about security holes in alt.security that at the very least
he is referring to a system that pretends to be secure.  Complaining
about security on a system that makes no claims is like complaining that
MS-DOS lets anyone reformat the C: drive - it makes you feel real good,
but then no one said you couldn't just reformat the disk in the first
place.

>> I've always had the impression that UNIX was intended for resource
>> sharing much more than for resource hiding, and that the security
>> mechanisms were meant to prevent accidental problems, not dedicated
>> attacks.
>
>Perhaps you didn't notice the complaint just a few weeks back about how
>somebody was getting output from someone else's background process under
>SunOS 4.0. That sounds like a problem to me. And the commercial world
>(not to mention universities) has to pay attention to dedicated attacks.

I have to agree with Dan on this one.  UNIX is less and less an OS
for "resource sharing" and one for getting "real work" done.  This
may not be pleasing to the old-time UNIX users (I can't stand SVR*
for example), but selling UNIX to the commercial masses does pay
the rent.  There is something particularly refreshing about seeing
AIX run on a 3090/600-J with all that vector stuff and 100GB of
spinning storage - it just makes my skin crawl.

>> I guarantee that there are other security problems on most versions
>> of UNIX besides the one you've been carrying on about.  What makes
>> that one problem so much more significant than the others?
>
>The bugs I've pointed out are on practically every BSD-derived UNIX
>system, meaning practically every UNIX machine on the Internet. The
>smaller set of bugs pointed out by Bellovin are on AT&T-derived UNIX
>systems too. Very few such dangerous holes have survived so long on so
>many machines.

Nonsense.  There are still vendors that insist on shipping machines
with setuid shell scripts.  I'll admit your problem is serious, but
not the one true serious security hole in the system.  NFS is by
far the biggest hole on the planet - I regularly use it to become
root on test systems that I've forgotten the root password to.  And
the worst part is that it lets you creep about so nicely in a warm,
friendly, trusting environment.  Kinda like the stomach flu, only
worse.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."