*BSD News Article 2513


Return to BSD News archive

Path: sserve!manuel!munnari.oz.au!uunet!usc!news
From: merlin@neuro.usc.edu (merlin)
Newsgroups: comp.unix.bsd
Subject: 386bsd security enhancements are needed before using INTERNET!
Date: 25 Jul 1992 22:34:44 -0700
Organization: University of Southern California, Los Angeles, CA
Lines: 35
Sender: merlin@neuro.usc.edu (merlin)
Message-ID: <l74ebkINN1sd@neuro.usc.edu>
NNTP-Posting-Host: neuro.usc.edu

I'm going to suggest someone with a very good knowledge of 4.3BSD UNIX
security should go through and make a list of the most obvious security
problems and fixes which should be applied to 386BSD-0.1.  This listing
should be probably forwarded to ljolitz@cardio.ucsf.edu to ensure it is
incorporated into the next release.

I understand the system is not intended to be secure.  However, it seems
to me obviously easy to fix areas of security concern should be repaired
before the next distribution.  Certainly anyone installing this software
on a network connected machine should use vipw to edit the four accounts
at the end of /etc/passwd out of the system.  Everyone should also enter
passwords (using 'passwd <userid>') for root, toor, and any other userid
with an empty password.  Without these changes, the 386bsd systems could
be very easily identified and exploited by even the most inexperienced
network hacker -- putting an unmodified 386bsd system on a network would 
compromise security of systems previously protected by 'firewall' and/or 
other security mechanisms which rely on the integrity of local machines.

It might also be helpfull to provide a precompiled tar file containing a
copy of each of the binaries necessary to install crypt in tar format on
an anonymous ftp node somwhere on INTERNET.  The tar/cpio archive should
automatically replace the appropriate executables when untarred/uncpio'd.
The README should be very clear about logging into root, untarring this
file, and immediately changing the root password using 'passwd <userid>'.

As far as use of 'crypt' for password authentication -- i have been told
by our local legal people that this is a permitted exception to the well
known prohibition against unlicensed export of cryptographic codes.  The
fact of the matter is that the precompiled password authentication codes
present absolutely no risk to national security.  Indeed, I believe that
the apparently lawfull circulation the the cryptoanalytic codes cracking
passwords certainly present far more risk than a password authentication
archived for domestic and international distribution.

AJ