Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!ucsd!ucbvax!bloom-beacon!eru!luth!sunic!mcsun!tuvie!mike
From: mike@tuvie (Inst.f.Techn.Informatik)
Newsgroups: comp.sys.apollo
Subject: Re: security problems
Message-ID: <1646@tuvie>
Date: 4 Jul 90 10:39:26 GMT
References: <9006281344.AA00445@cc2.cc.umr.edu> <2032@cernvax.UUCP>
Organization: TU Vienna EDP-Center, Vienna, AUSTRIA
Lines: 32

In article <2032@cernvax.UUCP>, achille@cernvax.UUCP (achille petrilli) writes:
> One of my friends told me around 1986/1987 that sendmail
> had a security bug in it that could allow anyone to become root. I didn't ask
> details about it, but it came back to my mind when the Internet Worm arrived.
> 
> The two stories above should tell you that the official channels or the
> 'security by ignorance' are not always the right way of handling this sort of
> problems. 
> In some cases, you MUST go out to the net and take the risk.
> 
> Achille Petrilli
> Management Information Systems
> CERN

The sendmail problem still exists in sr10.1. 

I guess the only way something will be done is by postin security problems to 
the net. First of all you will reach all Apollo users having access to the
comp.sys.apollo group (which means the Europeans will get information as well).
Also, if HP/Apollo think they can handle Apollo security problem by saying 
Apollos were never intended to be secure, then we should try to force them
to enhance security by posting *ALL* problems to the net ('security by
exposure' instead of 'security by ignorance').

				bye,
					mike
       ____  ____
      /   / / / /   Michael K. Gschwind             mike@vlsivie.at
     /   / / / /    Technical University, Vienna    mike@vlsivie.uucp
     ---/           Voice: (++43).1.58801 8144      e182202@awituw01.bitnet
       /            Fax:   (++43).1.569697
   ___/