From: Barry Shein
To: phage
X-To: rlk@think.com, tytso@athena.mit.edu, tytso@athena.mit.edu, ames!pyramid.pyramid.com!csg@ea.ecn.purdue.edu, phage
Subject: DANGER: UUCP *can* propogate the Worm
Date: Sun, 20 Nov 88 10:05:13 est
X-Date: Sun 10:05:13 20/11/1988 EST

There's nothing inherently wrong in using multiple uid's (your summary seemed complete enough) for various sub-systems. I would guess that many people, including myself, have used that kind of thing. A lot of the games wanted special access to their scores file thru setuid execution so we used the pseudo-user falcon (maybe that's spelled wrong, as in war games) to own the scores files rather than root or whatever they recommended.

On the other hand I think we have to be cautious about fooling ourselves. People are proposing all sorts of prophylactic security mechanisms (this one, shadow passwds etc) which I believe is a bad thing to stress in general. It seems to be the management of insecurity rather than any attempt to create security. Have we really given up and just decided to limit the damage? Sounds like a bad idea. Also an infinite pit into which we will regret having slipped.

-Barry Shein, ||Encore||