BSD tty security, part 4: What You Can Look Forward To

Ed Carp erc at Apple.COM
Thu May 2 03:57:24 AEST 1991


In article <26844:May100:59:2591 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:

>Let me be more explicit. I consider vendors to have a legitimate

Oh?  I do consulting for a vendor, notably Apple.  I also do consulting
for a number of very large companies in the Bay Area, notably a very large
public utility.  They also have a vested interest in anything that would
enhance their security.

>I do not consider someone to have a legitimate interest in
>security-breaking code merely by virtue of being a system administrator.
>If I did, then I should be sending the code to practically everyone---
>there's no fine line between the manager of a major site and the
>``manager'' of a personal workstation. And that is an unacceptable risk.

Well, then ... post it in alt.sources or alt.security.sources.  Calls for
votes, anyone?

IMHO, your attitude is irrational.  How many sites do I have to administer
to qualify?  One?  Five?  A hundred?

You haven't addressed the issue of whether I'm a cracker or not.  Being a
system administrator of a hundred systems doesn't prove you're a good guy,
any more than being the administrator of one makes you a bad guy.  System
administrators of a few sites face many (not ALL) of the same headaches of
a large site.  Backups, security, user management and disk management, just
to name a few.

>As for explaining this to your boss: I'm sorry I can't be any help here.
>I note that it is a lot more cost effective for FooBar Computer Co. to
>make fixes once and distribute them to 1000 admins than to have 1000
>admins each make fixes for themselves.

Yes, but FooBar Co. (as you yourself have stated) just doesn't have any interest
in fixing the bugs!  Besides, do you have any idea how many different computer
systems you're talking about impacting?  There's NO WAY that you're going to
get all vendors to distribute fixes, let alone distribute them FOR FREE.
-- 
Ed Carp  N7EKG/6	erc at khijol.UUCP		...uunet!khijol!erc
UUWEST Consulting	Alameda, CA		415/814-0550

Computers HAVE caused a revolution in how much information we
can safely ignore!    --robs at ux1.cso.uiuc.edu (Rob Schaeffer)

-- Absolutely unabashed Gates McFadden groupie! --



More information about the Comp.unix.wizards mailing list