UNIx Security for Payroll System

UNIx Security for Payroll System

Post by P. Mande » Fri, 22 Dec 1995 04:00:00



We are puttin a payroll system in (SYBASE) on our HP-Unix box.  
We are new to Unix.  Is there a way I can make the data base
executable to some but not readable to anyone?

--
P. Mandel

 
 
 

UNIx Security for Payroll System

Post by Mike Fischbe » Fri, 22 Dec 1995 04:00:00


: We are puttin a payroll system in (SYBASE) on our HP-Unix box.  
: We are new to Unix.  Is there a way I can make the data base
: executable to some but not readable to anyone?

Yes.  Depending on exactly what you mean, this
can be done in Unix, Sybase, or most likely, both.

Given the level of knowledge implicit in your question
and the likely sensitivity of a payroll system, you'll
probably feel better if you get a technically
knowledgable consultant to set up and maintain the
security constraints.  They should be willing and able
to explain what they've done, why and how.  They
should also by instructing you and your staff in how
to do the maintenance yourselves -- after about six
months, you should be on your own.

        mike

--

Any opinions expressed are mine only, and not necessarily
those of any other entity.  They may not even be mine.

 
 
 

1. Really serious security hole in Microport Unix (Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386)

[I've crossposted this widely because there should be a lot of
people who care about this; however, I've directed followups to
comp.unix.sysv386.]

Interactive's Unix isn't the only one with a really serious
security hole. Microport 3.0e, and possibly others from
Microport, has an equally awful hole and it is unfixable without
kernel hacking. Microport knows about it since I told them about
it; I don't know what, if anything, they are going to do about it.

If anyone out there wants information on this bug, I will send it
to you. Also, I have created a replacement for the offending
kernel module of 3.0e and can send that. However, I will only

your site is reasonably secure. If you are at the end of an
insecure (in my opinion, and I won't change it) path and you still
want this information, I will arrange a direct uucp connection to
send it. If that won't work, I'll try to arrange something.

I won't immediately describe the bug on the net in order to give
admins a chance to fix their systems before the crackers get a
whack at it. I can't even describe the general area that this bug
compromises without making it too easy to trigger it.

In a few weeks, after the expected deluge of "what *is* that bug"
messages, I will post the informational message I'm sending out.

--

Consider said various vicious and incendiary comments about brain
dead programmers and inadequate QA. These bugs should *never*
have made it out the door and, having done so, they should never
have lasted as long as they have. Of course, we can't blame the
guys at Interactive and Microport too much; they have had the
example (and largely uncomment code) of those guys who gave us
the still unfixed (or so I hear) System V inode bug.

2. Lingering sockets

3. UNIX File System Security Help

4. Printing long-line e-mail <ref. alecf>

5. Updated Release of TIGER (2.2.1), UNIX Security Checking System

6. RW ATAPI CDROM how to use

7. Unix file system security

8. Need a UNIX Quicktime Converter

9. Does any Know How To FTP between a Unix system and a Non Unix operating system.

10. UNIX System V release 4, password security

11. Searching paper about security of a UNIX system

12. Evaluation of strengths and weaknesses of Unix system security

13. unix security on aix systems using risc 6000