Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!decwrl!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.sys.sgi
Subject: Re: fix for login
Summary: standard speech
Message-ID: <88634@sgi.sgi.com>
Date: 4 Mar 91 17:38:46 GMT
References: <9103022329.AA13891@nazgul.physics.mcgill.ca>
Sender: guest@sgi.sgi.com
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 37

In article <9103022329.AA13891@nazgul.physics.mcgill.ca>, loki@NAZGUL.PHYSICS.MCGILL.CA (Loki Jorgenson Rm421) writes:
>
> OK.... if it's public pressure that SGI need to publish the
> fix or post the binary on sgi.com, I am adding my voice to the chorus.
> I have had more than my share of run-ins with the passwdreq bug and
> it's pretty irritating.
>
> SGI, please post a fixed /bin/login.

Silicon Graphics is a commercial, for-profit organization. The NSFNET and BARRNet acceptable use restrictions explicitly prohibit us from using the Internet or BARRNet for private gain. We can post things for the use of universities, other educational institutions, and non-profit research organizations. We cannot post them for others.

It is true that another commercial workstation vendor obtained permission to offer support over the Internet. It is also true that the wording of that permission was quite careful. It said, in part,

    If this service is made available to for-profit institutions, you
    sould (sic) have your for-profit users sign an agreement that their
    use of the NSFNET would be limited to research and/or education and
    will be consistent with the attached NSFNET Acceptable Use Policy.

It would be at best complicated to get our "for-profit" customers to sign such an agreement, and to ensure that only those who had signed and those at "academic and research institutions" could get the fixed binary.

It is one thing to bend the rules for security fixes in a new sendmail, or to blink at them with a sendmail that does MX, since all Internet email is supposed to be to or from "academic and research institutions" and so a fixed sendmail at a commercial site helps the academics. A similar rationale seems unlikely for fixing /bin/login at commercial sites.

Vernon Schryver, vjs@sgi.com