Xref: utzoo comp.unix.wizards:25264 alt.security:2374
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!elroy.jpl.nasa.gov!jato!dave
From: dave@jato.jpl.nasa.gov (Dave Hayes)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Message-ID: <1991Apr30.224235.2459@jato.jpl.nasa.gov>
Date: 30 Apr 91 22:42:35 GMT
References: <3600:Apr2614:04:4391@kramden.acf.nyu.edu> <13218@goofy.Apple.COM> <1991Apr29.222139.21284@pcserver2.naitc.com> <14683@ulysses.att.com>
Reply-To: dave@elxr.jpl.nasa.gov
Organization: Jet Propulsion Lab - Pasadena, CA
Lines: 47

smb@ulysses.att.com (Steven Bellovin) writes:

>In article <1991Apr29.222139.21284@pcserver2.naitc.com>, kdenning@pcserver2.naitc.com (Karl Denninger) writes:

>Dan is caught between a rock and a hard place here. He knows of
>certain security problems in many existing systems. What should he do
>with the information?

In my opinion (for whatever that's worth) he should publish it widely
and loudly. (here I go again being flame bait...)

>Face it, there's no satisfying everyone.

This is all TOO true. *sigh*

>What Dan has done -- offered
>details to anyone who can prove his or her legitimacy -- is certainly
>defensible as an answer. You and I may not (or may) agree with it,
>but it's as reasonable a choice as either of the first two.

I see what you are saying, but I have to disagree. Why has Dan even
POSTED that such holes exist, if he is not willing to disclose the
details to us system admins that are going to be of necessity
interested in the problem? Wouldn't it have been better to just report
this to CERT and vendors and leave it go at that? That way, those of us
who he claims have no justification for the details wouldn't even know
to ask him, right?

Personally, I would like to know exactly what his criterion is. I
believe I have extremely valid reasons for knowing these details...my
paycheck happens to reflect these reasons.

Naturally I responded to his #6 item...believing full well that he
could validate my legitimacy. He hasn't even tried. It would appear,
(if I may evaluate for him) that his whole purpose stems from some need
to have a secret that you don't. Nyahhh. 8)

I think he shouldn't have said a damn thing.

--
Dave Hayes - Network & Communications Engineering - JPL / NASA - Pasadena CA
dave@elxr.jpl.nasa.gov dave@jato.jpl.nasa.gov ames!elroy!dxh

There is a saying: "I believe it because it is impossible"
If you make any study of people in a state of what they are pleased to
call belief, you will find that you can usually best describe them by
the saying: "My belief has made me impossible."