Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!haven.umd.edu!mimsy!mojo!stripes
From: stripes@eng.umd.edu (Joshua Osborne)
Newsgroups: comp.unix.wizards
Subject: Re: Serious potential security problem. (was Re: BSD tty security, part 3: How to Fix It)
Message-ID: <1991May2.002827.1330@eng.umd.edu>
Date: 2 May 91 00:28:27 GMT
References: <1991May1.140953.20081@mp.cs.niu.edu>
Sender: news@eng.umd.edu (C-News)
Organization: College of Engineering, Maryversity of Uniland, College Park
Lines: 21

In article <1991May1.140953.20081@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
>
> Why are we worrying about somebody sneaking in through a tiny crack in the
>basement, when the front door is swinging wide open.
[...]
> Face it.  That '+' in hosts.equiv is not safe now, never was safe, probably
>never will be safe.  As long as vendors insist in this misfeature, TTY
>problems seem unimportant by comparison.

Yes, but we aready fixed that, and I am sure many others have as well.  We
hadn't heard of the tty problems untill just recently (well, allright, I
had, I read it a while ago on comp.unx.wizards, and played with it on a
VAX, but I had assumed it was fixed by the time I became an admin.).  Just
because someone has a gun pointed to your head doesn't mean you can safely
ignore the one that is pointed at your heart...
-- 
           stripes@eng.umd.edu          "Security for Unix is like
      Josh_Osborne@Real_World,The          Multitasking for MS-DOS"
      "The dyslexic porgramer"                  - Kevin Lockwood
"CNN is the only nuclear capable news network..."
    - lbruck@eng.umd.edu (Lewis Bruck)