From: Andrew Gierth <andrew@erlenstar.demon.co.uk>
Subject: Re: Is Unix security really so weak?
Date: 1997/04/04
Message-ID: <87lo6zpl9c.fsf@erlenstar.demon.co.uk>#1/1
X-NNTP-Posting-Host: erlenstar.demon.co.uk
References: <33449CF0.68F6@enternet.com.au>
X-Mayan-Date: Long count = 12.19.4.0.18; tzolkin = 8 Etznab; haab = 1 Uayeb
Organization: disorganised
X-Attribution: AG
Newsgroups: comp.security.unix,comp.unix.admin,comp.unix.solaris



>>>>> "Peter" == Peter Luckock <luckock@enternet.com.au> writes:

 Peter> Hi. 
 Peter> As an end-user I need access to Oracle SQL*Plus on a
 Peter> SUN/Solaris installation (sorry, I don't have version
 Peter> details). And a home directory. Nothing more.

 Peter> But wait! The Unix admin/support unit at my workplace tell me
 Peter> that what I'm asking for is impossible, "for security
 Peter> reasons".

Haha.

 Peter> I'm now being told that NO user account in Unix is safe - that
 Peter> no matter how many controls are implemented by the superuser,
 Peter> even a humble end-user account could be used successfully to
 Peter> crack them all and evade detection. And the risk of this
 Peter> happening is serious enough to be of concern to auditors.

 Peter> I find this all rather implausible, especially for an OS
 Peter> that's been kicking around for 20 years. You'd think that
 Peter> companies like SUN would be very quick to plug any holes as
 Peter> big as that.

I've never used Solaris, but on HP-UX there was a group of people whose
main aim in life was to find a new security bug in HP-UX every week. Most
of these, despite being publicly announced, went unfixed for weeks or
months - and in some cases, the fix was then immediately broken by the
same people.

Almost all of them were buffer overruns or file overwrites - programs with
root privilege that could be fed bogus data to make them do strange things.

This isn't so much a flaw in Unix, as simply not being sufficiently
defensive in programming. Quite a lot of it is "C Programmer's Disease" -
the use of arbitrary-sized arrays, buffers etc.

 Peter> Or, if my colleagues are right and Unix "security" is really
 Peter> an illusion, then why do we still use it? (How did the
 Peter> auditors ever approve it?)

 Peter> Perhaps it's just another case of the old "sorry, can't be
 Peter> done" excuse?

It may well be more work for the admins (keeping up with security patches,
etc.) maintaining the level of security they wish if they have to cope
with local shell users (a large proportion of security holes require a
local account).

-- 
Andrew.
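
The fixed-size buffer handling the reply calls "C Programmer's Disease", next to a length-checked version, as an added example that is not part of the original post. The function names, the 16-byte buffer size and the sample inputs are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16  /* fixed, arbitrary buffer size (assumed for this example) */

/* Undefensive pattern, shown for contrast and never called here: if input
 * holds NAME_BUF or more characters, strcpy writes past the end of dst. */
void copy_name_unchecked(char *dst, const char *input)
{
    strcpy(dst, input);
}

/* Defensive version: the caller states the buffer size, and over-long input
 * is rejected instead of overrunning (or silently truncating).
 * Returns 0 on success, -1 on NULL arguments or input that does not fit. */
int copy_name_checked(char *dst, size_t dst_size, const char *input)
{
    const char *nul;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';                       /* never leave stale data behind */
    if (input == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    nul = memchr(input, '\0', dst_size);
    if (nul == NULL)
        return -1;                       /* too long for dst */
    memcpy(dst, input, (size_t)(nul - input) + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *samples[] = { "oracle", "a-name-much-longer-than-the-buffer" };
    char name[NAME_BUF];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = copy_name_checked(name, sizeof name, samples[i]);
        printf("%-36s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```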


