UNIX & SECURITY


Despite its wide use in commerce and Government over many years, Unix has not quite been able to allay lingering suspicions about the reliability of its security. A persistent impression of Unix remains that it is, by design, inimical to the requirements of good security. Much of this has resulted from the early reputation of Unix as a programmer-friendly environment with easy accessibility. Yet this perception of Unix does not accord totally with reality.

Unix has been provided with a range of security features that are arguably as good as those of other multi-user systems such as IBM z/OS and the Fujitsu-ICL/VME. Well-proven techniques such as password authentication and file protection modes have long been a part of Unix's repertoire of security controls. Over the years, these controls have seen considerable strengthening. The "password shadowing" feature, for example, which stores encrypted passwords in a highly secure file, has made password detection by unauthorised users virtually impossible. Similarly, the scope for opportunistic attacks by "hackers" has been reduced by the enforcement of line disablement after a given number of unsuccessful log-in attempts.

In addition to these improvements, a number of secure versions of Unix have been developed that meet the more stringent criteria of the DoD Orange Book. Trusted Xenix at the B2 level and the SystemV/MLS at the B1 level are just two examples of such secure Unix implementations.

It cannot be denied, of course, that some aspects of Unix have always been controversial from the point of view of security. The SETUID feature and the over-riding access privileges of "root", in particular, have attracted considerable criticism. However, the problems posed by these features are by no means insurmountable. This view was undoubtedly shared by some well-known secure Unix initiatives, such as those of the DoD Trusix Working Group and the POSIX 1003.6 Security Working Group, which until recently were actively engaged in the development of standards for secure Unix systems. The considerable body of work that has emanated from these Groups is undoubtedly a strong endorsement of the potential of Unix to be a secure system.

Notwithstanding the positive developments in Unix security, scepticism about its reliability has shown few signs of being easily dispelled. The fragility of Unix code and the security holes that supposedly lie concealed within it remain an enduring part of the folklore of Unix. Yet in Unix's defence, it must be said that many of Unix's more widely publicised failures have been the consequence of the misuse of its security controls. A few years ago (1988), the so-called "Internet Worm", for example, caused a stir by overloading large sections of the Internet and bringing them to a virtual standstill. However, subsequent investigation showed that this "worm" had in fact been considerably aided in its path of disruption by the lamentable inability of many users to apply the password mechanism of the system correctly.

To some extent, Unix is the victim of its much-publicised portrayal as an open environment. Cynics have argued that a system that sets out to be an open environment must by definition be insecure. The logic of this argument is beguiling, but to succumb to it is to misapprehend the concept of openness as applied to operating systems. Openness in operating systems is not about unhindered access and the lack of security that that implies. In operating systems, openness is principally about inter-operability across applications. The latter can be achieved without compromising the need for security. In Unix, the IT community may well be witnessing the truth of this proposition.


Document created by Neil Keskar (nkeskar@hotmail.com) 17/9/08