[1293] in Kerberos
Re: Integrity of MIT source
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Mar 8 11:21:16 1991
Date: Fri, 8 Mar 91 10:52:40 -0500
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: jrc@snow-white.Lanl.GOV
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: James R. Clifford's message of Thu, 7 Mar 91 15:50:55 MST,
Reply-To: tytso@ATHENA.MIT.EDU
   From: jrc@snow-white.Lanl.GOV (James R. Clifford)
   What measures have been taken to protect MIT's Kerberos software
   source? We are investigating using Kerberos for our network
   authentication system. For some clients and servers, building the code
   from the MIT source is the only available/timely alternative. On the
   other hand, there are those who contend basing a large part of the
   campus security on software obtained from an electronic bulletin board
   is crazy. "Bulletin boards are where you go to pick up viruses, Trojan
   horses, and other nasty social diseases", they say.
I tend to make a distinction between "electronic bulletin boards" and FTP
sites. You can obtain kerberos by ftp'ing to ATHENA-DIST.MIT.EDU (IP
address 18.71.0.38). Only certain Project Athena staff members have
access to that machine; only authorized software releases go there. In
contrast, I tend to think of "electronic bulletin boards" as privately run
systems which you access by modem; where the average age of users is
under 21; and where random people deposit software which is picked up
by other users who use that software at their own risk.
I do, however, find it touching that you are only concerned that "what
you ftp" is unchanged from "what the authors released". Allow me to ask
this question: Why are you so convinced that software will be free of
"back doors" and "wizard passwords" just because it came from MIT
Project Athena? After all, other software packages have been released
from equally prestigious institutions with "wizard passwords".
We encourage people to at least look over the source code of what they
FTP over; and if they want to, they're perfectly welcome to perform a
security audit over the code. In this respect, vendor releases of
Kerberos are likely to be worse, since you don't get the source code,
and so you have to take the vendor's word that there are no back doors.
I, personally, would rather take a look at the source code myself, and
assure myself that a piece of security-related code is free of holes,
accidental or otherwise.
- Ted