Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!jarthur!jonathan
From: jonathan@jarthur.Claremont.EDU (Jonathan Ball)
Newsgroups: comp.sys.apollo
Subject: Re: Patches and security
Message-ID: <7871@jarthur.Claremont.EDU>
Date: 19 Jul 90 20:59:03 GMT
References: <1469@m1.cs.man.ac.uk> <1990Jul19.193641.23420@terminator.cc.umich.edu>
Organization: Harvey Mudd College, Claremont, CA 91711
Lines: 20

In article <1990Jul19.193641.23420@terminator.cc.umich.edu> rees@citi.umich.edu (Jim Rees) writes:

   In article <1469@m1.cs.man.ac.uk>, dente@els.ee.man.ac.uk (Colin Dente) writes:
   > PLEASE keep the nature of security holes quiet.

   I disagree, and patch 121 is a perfect example of why we need to
   discuss security holes. Unless I miss my guess, this patch does not
   fix the hole at all, it just removes a copy of a program that
   exploits that hole. You go away thinking your machine is now somehow
   more secure, and anyone who really wants to can still get in. I may
   be wrong, but since we're not discussing this hole here, we'll never
   find out, will we?

Well, perhaps Jim Richardson and anyone else who DOES know what the
problem is, and HAS applied the patch, could tell us that information
without revealing the hole to the rest of the world.

Jon

--
jonathan@jarthur.claremont.edu (134.173.4.42)