Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!sdd.hp.com!zaphod.mps.ohio-state.edu!mips!daver!tscs!tct!chip
From: chip@tct.uucp (Chip Salzenberg)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Message-ID: <27C2A77A.333A@tct.uucp>
Date: 20 Feb 91 16:44:41 GMT
References: <27B93F44.5606@tct.uucp> <3214@sixhub.UUCP> <PCG.91Feb18214630@odin.cs.aber.ac.uk>
Organization: Teltronics/TCT, Sarasota, FL
Lines: 19

According to pcg@cs.aber.ac.uk (Piercarlo Grandi):
>The first thing their attorney will have told them must have been
>"don't admit anything".

For minor bugs, the old "it's not a bug, it's a feature" spiel might
be a workable alternative.  But I would be flabbergasted if a member
of any U.S. bar association advised Interactive not to 'fess up about
the upage bug, unless said lawyer was misled as to the bug's nature.

>Technically and practically, all these vendors are just selling you
>defect free floppies. The usefulness of their contents are explicitly
>disclaimed in every possible way.

Fortunately, the warranty that asserts this "fact" is not the be-all
and end-all of vendor-customer obligations.
-- 
Chip Salzenberg at Teltronics/TCT      <chip@tct.uucp>, <uunet!pdn!tct!chip>
"It's not a security hole, it's a SECURITY ABYSS." -- Christoph Splittgerber
   (with reference to the upage bug in Interactive UNIX and Everex ESIX)