Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!fub!tmpmbx!scuzzy!src
From: src@scuzzy.in-berlin.de (Heiko Blume)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb13.221259.1462@scuzzy.in-berlin.de>
Date: 13 Feb 91 22:12:59 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <483@stephsf.stephsf.com>
Organization: Contributed Software
Lines: 20

wengland@stephsf.stephsf.com (Bill England) writes:
>   I have serious reservations about this kind of post.  While as an
>   system administrator system I want to know, at the same time it
>   is similar to giving handguns to a bunch of street thugs.

anyone who can read the release notes for ISC 2.2 can find
out on page 10 or so.....they published the bug themselves!!

>   The only way to protect ourselves, for now, is that those who have 
>   read the posting should inform their system administrators that the
>   bug exists and the system admins can ask (Tell) everyone to not do 
>   it.

not exactly, for public access to my source archive i've set up
a chroot() user that can't write anywhere, unhackable :-)
-- 
      Heiko Blume <-+-> src@scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
                    public source archive [HST V.42bis]:
        scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
                     uucp scuzzy!/src/README /your/home