Unix Security: A Practical Tutorial (Unix/C)

This book is old: it was registered in Library of Congress Catalog in 1992 (publisher year is 1993) so my review takes into account the 16 years passed. Being from 1992, the book was written with the "Unix mindset" of the 80's, so we will find (or miss): * Half of the book (the full second part) are just full C language listings, reflecting the fact that current Unix users/admins were also C programmers or at least able to test C source code * The "TCP LAN" wasn't yet synonym of networking, and just 7 pages are devoted to explaining the "hosts.equiv" mechanisms and security problems; and finally an overview of Kerberos concepts * The UUCP network gets 22 pages, reflecting the ubiquity of these protocols * An interesting (a bit weird) chapter of patching object code using the debugger and the "strings" command * A chapter titled "database security" that shows some security issues in the architecture and implementation of an old version of Informix. This may be regarded as a case study for a wide class of applications The text has 235 pages (good, I don't like fat books) and including C listings goes almost to 390. I'd recommend this book to any person trying to get an understanding of the Unix evolution. A lot of concepts are also still valid (for example, basic file permissions, text file user database, etc) but of course most need update (specially for a Linux user.) Finally, I think that for its time the book was very valuable because Unix Security was then (at least for me) a very obscure and undocumented subject. TOC (in parenthesis my keywords/comment) 1 The Unix Operating System (history, standards, etc) 2 Information Control (security concepts, file permissions) 3 The Unix File System (more on file permissions, setuid) 4 Boot Path (rc files from System V point of view) 5 Audit Programs (System V tools) 6 End User Maintenance (passwd, group, rsh) 7 Special Devices (tty, modem, disk, tape) 8 Break-in Techniques (recommendations to hack!) 9 Modem Security (cable, ports) 10 Database Security (Informix case) 11 UUCP Network 12 LAN (no Internet!) 13 Viral Infection (vectors, virus infection process) 14 Patching Object Code (really nice, if you like adb)