BSD tty security, part 4: What You Can Look Forward To

Dave Hayes dave at jato.jpl.nasa.gov
Wed May 1 08:42:35 AEST 1991


smb at ulysses.att.com (Steven Bellovin) writes:

>In article <1991Apr29.222139.21284 at pcserver2.naitc.com>, kdenning at pcserver2.naitc.com (Karl Denninger) writes:

>Dan is caught between a rock and a hard place here.  He knows of
>certain security problems in many existing systems.  What should he do
>with the information?

In my opinon (for whatever that's worth) he should publish it widely and
loudly. (here I go again being flame bait...)

>Face it, there's no satisfying everyone.  

This is all TOO true. *sigh*

>What Dan has done -- offered
>details to anyone who can prove his or her legitimacy -- is certainly
>defensible as an answer.  Your and I may not (or may) agree with it,
>but it's as reasonable a choice as either of the first two.

I see what you are saying, but I have to disagree. Why has Dan even POSTED
that such holes exist, if he is not willing to disclose the details to
us system admins that are going to be of necessity interested in the problem?

WOuldn't it have been better to just report this to CERT and vendors and
leave it go at that? That way, those of us who he claims have no justification
for the details wouldn't even know to ask him, right? 

Personally, I would like to know exactly what his criterion is. I believe I
have extremely valid reasons for knowing these details...my paycheck happens
to refelct these reasons. Naturally I responded to his #6 item...believing
full well that he could validate my legitimacy.

He hasn't even tried. It would appear, (if I may evaluate for him) that his
whole purpose stems from some need to have a secret that you don't. Nyahhh.
8)

I think he shouldn't have said a damn thing.

-- 
Dave Hayes - Network & Communications Engineering - JPL / NASA - Pasadena CA
dave at elxr.jpl.nasa.gov       dave at jato.jpl.nasa.gov           ames!elroy!dxh

        There is a saying: "I believe it because it is impossible"
If you make any study of people in a state of what they are pleased to call 
belief, you will find that you can usually best describe them by the saying:
                  "My belief has made me impossible."



More information about the Comp.unix.wizards mailing list