The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #247 [Availability of Morris Technical Report] (1 message, 785 bytes)
NOTICE: recognises the rights of all third-party works.


From: [email protected]
To: phage
Date: Sat 02:15:20 12/11/1988 EST
Subject: Availability of Morris Technical Report
References: [Thread Prev: 285] [Thread Next: 248] [Message Prev: 241] [Message Next: 248]

Those interested in earlier works of Robert T. Morris,
or interested in network security in general, might wish
to read AT&T Bell Laboratories CSTR #117, "A Weakness in the
4.2BSD Unix TCP/IP Software," by Robert T. Morris,
dated Feb. 25, 1985.  An abstract of the abstract:

	... [E]ach 4.2BSD system "trusts" some other set of other
	systems, allowing users logged into trusted systems to
	execute commands via a TCP/IP network without supplying
	a password.  These notes describe how the design of TCP/IP
	and 4.2BSD implementation allow users on untrusted and
	possibly very distant hosts to masquerade as users on
	trusted hosts.  Bell Labs has a growing TCP/IP network
	connecting machines with varying security needs;
	perhaps steps should be taken to reduce their vulnerability
	to each other.

This technical report, as well as others, may be ordered by writing to

	Ellen Stark
	Room 2C579
	AT&T Bell Laboratories
	600 Mountain Ave.
	Murray Hill,
	NJ 07974

These reports are free of charge.

			Dennis Ritchie
			[email protected]