Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!pdn!tscs!tct!chip
From: chip@tct.uucp (Chip Salzenberg)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX AND ESIX
Message-ID: <27C6EBCC.2AF1@tct.uucp>
Date: 23 Feb 91 22:25:16 GMT
References: <7667@crash.cts.com> <1991Feb21.141349.26015@virtech.uucp>
Organization: Teltronics/TCT, Sarasota, FL
Lines: 20

According to cpcahil@virtech.uucp (Conor P. Cahill):
>Yes ISC made a big mistake in letting this bug go.
>HOWEVER, they are trying to get a fix out as soon as they can.

After having let this bug go for over a year, we're supposed to be
UNDERSTANDING because THEY need TIME?

Render unto us a break.

>>Such security holes are intolerable.
>
>Yes we all agree on this, even ISC.  

Actually, ISC's and Everex's attitude is apparently:  "Such security
holes are intolerable -- *unless* we can keep them secret."  A slight
difference, there.
-- 
Chip Salzenberg at Teltronics/TCT      <chip@tct.uucp>, <uunet!pdn!tct!chip>
"It's not a security hole, it's a SECURITY ABYSS." -- Christoph Splittgerber
   (with reference to the upage bug in Interactive UNIX and Everex ESIX)