Xref: utzoo comp.unix.wizards:25348 alt.security:2411
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!uunet!mcsun!ukc!edcastle!aiai!richard
From: richard@aiai.ed.ac.uk (Richard Tobin)
Newsgroups: comp.unix.wizards,alt.security
Subject: Should Dan post full details of his tty bugs?
Message-ID: <4601@skye.ed.ac.uk>
Date: 2 May 91 13:29:53 GMT
References: <1991Apr29.222139.21284@pcserver2.naitc.com> <14683@ulysses.att.com> <1991Apr30.164646.11693@pcserver2.naitc.com> <26844:May100:59:2591@kramden.acf.nyu.edu>
Reply-To: richard@aiai.UUCP (Richard Tobin)
Organization: AIAI, University of Edinburgh, Scotland
Lines: 18

In article <26844:May100:59:2591@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>I'd love to hear from anyone who can propose a simpler set of fixes
>that can still be proven to work.

While it seems likely that Dan's fixes are perfectly good, it wouldn't
be surprising if full discussion here led to further improvements (and
perhaps the discovery of other bugs).  If vendors are (for once) going
to incorporate these changes it would be good to subject them to the
most rigorous scrutiny.

For this reason I believe it would be best for Dan to post full details
of the various loopholes.

-- Richard
-- 
Richard Tobin,                       JANET: R.Tobin@uk.ac.ed             
AI Applications Institute,           ARPA:  R.Tobin%uk.ac.ed@nsfnet-relay.ac.uk
Edinburgh University.                UUCP:  ...!ukc!ed.ac.uk!R.Tobin