Xref: utzoo comp.unix.wizards:25272 alt.security:2379
Newsgroups: comp.unix.wizards,alt.security
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!hela!lokkur!scs
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Message-ID: <1991May1.010657.281@lokkur.dexter.mi.us>
Organization: Inland Sea
References: <13218@goofy.Apple.COM> <1991Apr29.222139.21284@pcserver2.naitc.com> <14683@ulysses.att.com> <1991Apr30.164646.11693@pcserver2.naitc.com>
Date: Wed, 1 May 91 01:06:57 GMT

smb@ulysses.att.com (Steven Bellovin) writes:
>Another answer is to tell vendors and CERT.  This is a favorite of
>folks who don't like the first answer.  He's tried that; according to
>his earlier postings, some vendors, at least, aren't interested.

kdenning@pcserver2.naitc.com (Karl Denninger) writes:

>Neither was Interactive with their u_area bug (it was world-writable!) 
>until someone posted code which exploited the bug.  CERT wasn't even
>interested (I guess they consider ISC's offering not to be of any
>importance).  I am on the CERT list -- there was no notice of that 
>problem at all.

Some CERT person may correct me, but I believe that CERT only
makes public announcements when a fix or workaround is already
available.
-- 
 "FACT: less than 10% of the psychiatrists in the US are actually
  practicing cannibals."  Rod Johnson