Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!samsung!munnari.oz.au!sirius.ucs.adelaide.edu.au!levels!ccdn
From: CCDN@levels.sait.edu.au (david newall)
Newsgroups: comp.lang.c
Subject: Re: Unix System Security
Message-ID: <6354@levels.sait.edu.au>
Date: 15 Jan 90 12:19:34 GMT
References: <1989Dec12.014608.12607@polyof.poly.edu> <1670020@otter.hpl.hp.com>
Organization: Sth Australian Inst of Technology
Lines: 27

tgg@otter.hpl.hp.com (Tom Gardner) writes:
> I want to hear about *fixes* [ to security holes ] as quickly as possible.
> The original posting could have resulted in details of *open* holes being
> widely circulated and read by persons of unknown responsibility; I hope you
> would agree that would be unwise.

I want security holes fixed as quickly as possible. Sitting quietly,
waiting for fixes, does little to add urgency to such problems.

The recent internet worm, which took advantage of a number of long-standing
security holes, serves as a fine example of how these issues can be ignored.
Despite the fact that these were "well known" security problems, nothing had
been done to correct the situation.

I am grateful to the author, or authors, of the internet worm. They brought
to the attention of the world, these rather obvious problems, and in such a
way that the problems were fixed, and were fixed quickly.

Nevertheless, the legal ramifications of the worm are likely to deter
anyone else from using a similar technique to advertise security holes.
Perhaps the author (or authors) might have served their purpose better by
posting the program, not running it?

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095