Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!umich!terminator!dabo.ifs.umich.edu!rees
From: rees@dabo.ifs.umich.edu (Jim Rees)
Newsgroups: comp.sys.apollo
Subject: Re: Patches and security
Message-ID: <1990Jul19.193641.23420@terminator.cc.umich.edu>
Date: 19 Jul 90 19:36:41 GMT
References: <1469@m1.cs.man.ac.uk>
Sender: usenet@terminator.cc.umich.edu (usenet news)
Reply-To: rees@citi.umich.edu (Jim Rees)
Organization: University of Michigan IFS Project
Lines: 11

In article <1469@m1.cs.man.ac.uk>, dente@els.ee.man.ac.uk (Colin Dente) writes:
  PLEASE keep the nature of security holes quiet.

I disagree, and patch 121 is a perfect example of why we need to discuss
security holes.  Unless I miss my guess, this patch does not fix the hole at
all, it just removes a copy of a program that exploits that hole.  You go
away thinking your machine is now somehow more secure, and anyone who really
wants to can still get in.

I may be wrong, but since we're not discussing this hole here, we'll never
find out, will we?