a holiday gift from Robert "wormer" Morris
a.v.reed
avr at mtgzz.att.com
Wed Nov 9 04:53:31 AEST 1988
In article <76424 at sun.uucp>, dre%ember at Sun.COM (David Emberson) writes:
< In article <2060 at spdcc.COM>, eli at spdcc.COM (Steve Elias) writes:
< > "Wormer" Morris has quite a career ahead of him, i'll bet.
< > he has done us all a favor by benevolently bashing bsd 'security'.
<
< I knew about this sendmail bug at least four years ago, courtesy of Matt
< Bishop (now at Dartmouth). He wrote a paper detailing at least a half dozen
< holes in the Unix system and methods for constructing trojan horses which was
< so dangerous that he responsibly decided not to publish it, but instead to
< give selected copies to people who could fix some of the problems. He also
< wrote an article for the Usenix newsletter, ;login, which explained how to
< write secure setuid shell scripts--a major source of security holes. Matt did
< not "benevolently bash" anyone's machines. His behaviour, while unsung by
< the press and the Usenet community, is an example of the highest in profession-
< al and academic standards. This is the kind of behaviour that we should be
< extolling.
Really? In my book, a key component of professionalism is "owning
the problem". That means you work it until it gets fixed. "Giving
selected copies to people who could fix some of the problems"
(they didn't) is not enough. Morris did what was necessary to get
the problems fixed. For that, many of us are grateful. And yes,
some of us LIKE people who "own the problem" until it is solved.
Adam Reed (avr at mtgzz.ATT.COM)
More information about the Comp.unix.wizards
mailing list