The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #411 [Re: UNIX security] (1 message, 1092 bytes)
NOTICE: recognises the rights of all third-party works.


From: "John G. Ata" <[email protected]>
To: phage
Date: Tue 11:21:00 22/11/1988 EST
Subject: Re: UNIX security
References: [Thread Prev: 292] [Thread Next: 296] [Message Prev: 293] [Message Next: 296]

    From:  bostic%okeeffe.Berkeley.EDU at UCBVAX.BERKELEY.EDU (Keith Bostic)
    Subject:  UNIX security
    UNIX is neither more or less secure than any other general purpose operating
    system I'm aware of.  It can be made as secure as you wish -- Gould, Sun,
    and AT&T, among others, have done interesting work in this area.

My apologies for continuing the security discussion on the TCP/IP list,
however, I feel that I must reply to the above comment which shows a
profound lack of understanding of general operating system security.

Such a blanket statement on security in general implies that all general
purpose operating systems in existence have the SAME level of security
built into each one of them.  This is simply NOT the case.  If it were,
then measuring levels of operating system security (such as what NCSC
does) wouldn't make any sense.  It turns out, that if one looks at the
operating systems that have been evaluated, some have indeed done better
than others.  In some systems, security has been carefully architected
from the design phase, while in other systems, it has been added as an
afterthought.  Needless to say, this does not yield identical results.
While it's true that Gould, etc. have done work on providing a MORE
secure UNIX, that is really relative to the non-enhanced versions and
does not even boast a security rating that would allow DOD to run
multi-level security.  That is not to say that one day, a version of
UNIX won't exist with a higher security rating, but today it just isn't

I am not trying to bash UNIX, I'm just trying to correct a misconception
that your comment raised.

                                        John G. Ata