In the past several years, there have been a large number of published works that have graphically described a wide variety of security problems particular to Unix. Without fail, the same problems have been discussed over and over again, describing the problems with SUID set user ID programs, improper le permissions, and bad passwords to name a few. There are two common characteristics to each of these problems: rst, they are usually simple to correct, if found; second, they are fairly easy to detect. Since almost all systems have fairly equivalent problems, it seems appropriate to create a tool to detect potential security problems as an aid to system administrators. This paper describes one such tool: Cops. Computerized Oracle and Password System is a freely-available, This paper originally appeared in the proceedings of the Summer Usenix Conference, 1990, Anaheim CA. 1
Daniel Farmer, Eugene H. Spafford