LISTSERV - HP3000-L Archives

HP3000-L Archives

August 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 1998, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: HP3000 and network daemon security (was: HP3000 and Pagers)
From:	Mark Bixby <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Sun, 16 Aug 1998 14:34:13 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (45 lines)

Dwayne Stewart writes:
>
> Have the security issues been resolved with Sendmail?  It seems that I heard
> about Sendmail being a week link for hackers to gain access to the system.
> I heard about the problems in a UNIX environment.  Is this the case in the
> MPE environment?

I don't think sendmail is any more or less dangerous than any other network
server daemon.

Past security problems with network daemons generally fall into these
categories:

1) Buffer overflows that permit an attacker to send and execute arbitrary
machine instruction code.  On MPE, if a buffer overflow existed, an attacker
would only be able to scribble on the data stack which in the 3000 architecture
cannot contain executable code.  The likely result would be a process abort.

2) Attackers reading files and running programs outside of the scope of the
original application.  All of my ported applications reside in their own
separate accounts.  Thus my ported applications won't gain access to other
files or programs unless they're subject to R:ANY or X:ANY security.  If you
have sensitive data hidden behind R:AC or X:AC security, my ported applications
won't be able to get to it.

3) Attackers abusing Unix superuser access (aka uid 0).  Many network daemons
run as the Unix superuser, a god-like state with total access to all system
functionality.  If such code has any security holes, you are very vulnerable
to all sorts of mischief.  MPE lacks the superuser uid 0 concept, and none
of my ported applications require SM capability.  There is some use of PM,
but only for short duration documented needs like bind()-ing to low numbered
sockets.  I keep the distance between GETPRIVMODE() and GETUSERMODE() as
short as possible.

4) Attackers stealing the /etc/passwd user & password file.  No such file
of accounting information exists on MPE.

So compared to Unix, MPE really is a much, much more secure OS.
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               Voice: +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)

ATOM RSS1 RSS2

RAVEN.UTC.EDU