Xref: utzoo comp.unix.sysv386:5546 comp.bugs.4bsd:1763
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!slxsys!jpp
From: jpp@specialix.co.uk (John Pettitt)
Newsgroups: comp.unix.sysv386,comp.bugs.4bsd
Subject: Re: SCO Responds to security bugs (was: SCO UNIX C2 Security)
Keywords: error checking
Message-ID: <1991Feb26.092431.23866@specialix.co.uk>
Date: 26 Feb 91 09:24:31 GMT
References: <43@talgras.UUCP> <14791@scorn.sco.COM> <1991Feb22.093441.8639@specialix.co.uk> <1991Feb23.020126.8064@robobar.co.uk>
Organization: Specialix International, London
Lines: 21

ronald@robobar.co.uk (Ronald S H Khoo) writes:
>jpp@specialix.co.uk (John Pettitt) writes:
>> Before you ask - no I am not going to post the bug,
>Why not ?  You're not one of those ARRRGH SECURITY THRU OBSCURITY
>people are you, John?  I'm disappointed in you.  Oh, sorry, you have a
>support contract, don't you?  I suppose that binds you not to post about
>problems, does it ?  And would you have posted otherwise ?

No I don't believe in SECURITY THRU OBSCURITY.  However if a vendor
has produced a fix in good time and made it available free as SCO have
done I see no reason to tell the world about the original problem.

If you have a SCO box with TCP/IP & NFS and have not installed
the security sls then it is quite easy to find the problem with 
a little experimentation.  


-- 
John Pettitt, Specialix International, 
Email: jpp@specialix.com Tel +44 (0) 9323 54254 Fax +44 (0) 9323 52781
Disclaimer: Me, say that ?  Never, it's a forged posting !