Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!sdd.hp.com!uakari.primate.wisc.edu!crdgw1!sixhub!davidsen
From: davidsen@sixhub.UUCP (Wm E. Davidsen Jr)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <3214@sixhub.UUCP>
Date: 18 Feb 91 02:04:24 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp>
Reply-To: davidsen@sixhub.UUCP (bill davidsen)
Organization: *IX Public Access UNIX, Schenectady NY
Lines: 18

In article <27B93F44.5606@tct.uucp> chip@tct.uucp (Chip Salzenberg) writes:

| Forgive me if I react, not by congratulating SCO, but by dropping my
| jaw in mind-boggled astonishment that such a huge, gaping, obvious,
| you-can-drive-a-truck-through-it security hole was ever released by
| ISC or Everex in a beta, much less sold to customers in version after
| version after version.

  I am amazed that the companies didn't fix it instantly and send it by
registered express mail to every owner. In today's litigatious climate,
I can see a jury finding them negligent. And that goes for every other
vendor, although AT&T has an obligation to get the info out to the
source licensees as well, I would think.
-- 
bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen)
    sysop *IX BBS and Public Access UNIX
    moderator of comp.binaries.ibm.pc and 80386 mailing list
"Stupidity, like virtue, is its own reward" -me