BSD tty security, part 4: What You Can Look Forward To

[Jeff d'Arcy]

brnstnd at kramden.acf.nyu.edu (Dan Bernstein):
>In article <721 at seqp4.UUCP> jdarcy at seqp4.ORG (Jeff d'Arcy) writes:
>> The fact is that Dan would hardly be the first
>> person to make such an offer without having the goods to back it up.
>
>As Steve Bellovin, Gene Spafford, Tom Christiansen, various BSD folks
>including Marc Teitelbaum and Keith Bostic, CERT, and a couple of other
>people can attest, I *do* have the goods:

That's a very nice piece of name-dropping there, but the fact remains that we
mere mortals have no evidence of your claims.  I have no reason to think this
program will work on either of the systems I've worked on and, since I can't
get a copy of the program without major headaches (despite the fact that I'm a
professional kernel developer in as good a position as anyone to fix the bugs
on both platforms), I just won't bother.  Maybe I would if I had time, but I'm
plenty busy without having to take any Bernstein bullshit.

>That's the fact, Jeff. I again invite you and everyone else to stop
>spouting the same tired old rhetoric and start paying attention to this
>case on its own merits.

Its own what?  I see this as just another plea for attention by the net's most
infamous glory-hound.  The real hackers already know about this bug, and many
others that I'm sure neither you nor I have figured out yet.  I've seen several
generations of pty-related security problems before you came along, and there
will undoubtedly be more after your current crusade is only a memory.  All your
crowing about your intellectual and moral superiority won't get you the respect
you so obviously crave.  Your "amazing discoveries" are pretty mundane to those
of us who make a living at this stuff.

>I don't expect to post further articles in this thread

I wish I could believe you.
-- 

Jeff d'Arcy, Generic MTS, Sequoia Systems Inc. <jdarcy%seqp4 at m2c.org>
         Time flies like an arrow; fruit flies like a banana