Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!cs.utexas.edu!milano.sw.mcc.com!uudell!natinst!balkan!wrangler!ssbn!bill
From: bill@ssbn.WLK.COM (Bill Kennedy)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <2017@ssbn.WLK.COM>
Date: 14 Feb 91 00:56:30 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <329@alderan.uucp>
Reply-To: bill@ssbn.WLK.COM (Bill Kennedy)
Organization: W.L. Kennedy Jr. and Associates, Pipe Creek, TX
Lines: 22

I've made my point in an earlier article so I'll trim this and limit
comments to the inflamed nerve that everyone should have wagging by now.

chris@alderan.uucp (Christoph Splittgerber) writes:
[ repeats the bug claim and calls it a SECURITY ABYSS... ]
>
>I don't like ISC's upgrade provision clauses and I don't wana pay for this
>bugfix.
>
>So what to do now ? .....  -:(  -:(  -:(

A question that has gone unanswered from time to time is if we have no
support (extortion) agreement, how do we report bugs and learn of fixes.
This one seems to have been reported adequately, reproduced and confirmed,
Why the silence about a fix?  Oh...  OK, I didn't buy a support agreement.

What we're failing to recognize is that this feature was constructed as
a bomb shelter some time ago.  It was only recently converted to a hardened
command and control facility but nobody told those of us who were inside.
-- 
Bill Kennedy  usenet      {att,cs.utexas.edu,pyramid!daver}!ssbn.wlk.com!bill
              internet    bill@ssbn.WLK.COM   or attmail!ssbn!bill