Unix System Security

david newall CCDN at levels.sait.edu.au
Mon Jan 15 23:19:34 AEST 1990


tgg at otter.hpl.hp.com (Tom Gardner) writes:
> I want to hear about *fixes* [ to security holes ] as quickly as possible.
> The original posting could have resulted in details of *open* holes being
> widely circulated and read by persons of unknown responsibility; I hope you
> would agree that would be unwise.

I want security holes fixed as quickly as possible.  Sitting quietly, waiting
for fixes, does little to add urgency to such problems.

The recent internet worm, which took advantage of a number of long-standing
security holes, serves as a fine example of how these issues can be ignored.
Despite the fact that these were "well known" security problems, nothing had
been done to correct the situation.

I am grateful to the author, or authors, of the internet worm.  They brought
to the attention of the world, these rather obvious problems, and in such a
way that the problems were fixed, and were fixed quickly.  Nevertheless,
the legal ramifications of the worm are likely to deter anyone else from
using a similar technique to advertise security holes.  Perhaps the author
(or authors) might have served their purpose better by posting the program,
not running it?


David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095


