SCO Responds to security bugs (was: SCO UNIX C2 Security)

[John Pettitt]

ronald at robobar.co.uk (Ronald S H Khoo) writes:
>jpp at specialix.co.uk (John Pettitt) writes:
>> Before you ask - no I am not going to post the bug,
>Why not ?  You're not one of those ARRRGH SECURITY THRU OBSCURITY
>people are you, John?  I'm disappointed in you.  Oh, sorry, you have a
>support contract, don't you?  I suppose that binds you not to post about
>problems, does it ?  And would you have posted otherwise ?

No I don't believe in SECURITY THRU OBSCURITY.  However if a vendor
has produced a fix in good time and made it available free as SCO have
done I see no reason to tell the world about the original problem.

If you have a SCO box with TCP/IP & NFS and have not installed
the security sls then it is quite easy to find the problem with 
a little experimentation.  


-- 
John Pettitt, Specialix International, 
Email: jpp at specialix.com Tel +44 (0) 9323 54254 Fax +44 (0) 9323 52781
Disclaimer: Me, say that ?  Never, it's a forged posting !