Re: Security hole in Debian's /bin/false?
On Mon, 7 Jul 1997, Alex Romosan wrote:
> >> I don't know about other Unices but at least IRIX has it's /bin/true and
> >> /bin/false set to shell scripts as well. It seems that Debian's no worse
> >> off than SGIs and other Linux distributions at least.
> >If there exists at least ONE really insecure Unix, it is called IRIX. There's
> >nothing in the line of IRIX so don't be surprised.
> /bin/true and /bin/false are also shell scripts on solaris. they are
> not on digital unix and aix. it looks like it is a system v thing. so
> there. as for irix being insecure, it is a function of the system
> administrator (sgi is pretty good at releasing patches).
Sorry but I _don't_ think it's appropriate to ask the system administrator
to remove 10^6 suid programs on IRIX, all inetd services and non-inetd
services just to get _some_ sense of security. IRIX is _not_ secure - it's
a fact. Security was never in the design specs for IRIX - useability was
probably requirement #1. Why would they create a dozen suid admin-tools if
it wasn't for useability alone - it's just plain wrong from a security
The SGI policy is that you shoulnd't have put an SGI box on the net in the
first place if you don't have a firewall to guard it.
Strangely - the oses I have _some_ confidence in wrt security are AIX and
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .