Xref: utzoo comp.unix.wizards:25403 alt.security:2440 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!snorkelwacker.mit.edu!bu.edu!m2c!seqp4!jdarcy From: jdarcy@seqp4.ORG (Jeff d'Arcy) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 4: What You Can Look Forward To Message-ID: <729@seqp4.UUCP> Date: 3 May 91 14:34:53 GMT References: <1991Apr30.164646.11693@pcserver2.naitc.com> <721@seqp4.UUCP> <11974:May214:00:3691@kramden.acf.nyu.edu> Reply-To: jdarcy@sequoia.com (Jeff d'Arcy) Organization: Sequoia Systems, Marlboro MA Lines: 37 brnstnd@kramden.acf.nyu.edu (Dan Bernstein): >In article <721@seqp4.UUCP> jdarcy@seqp4.ORG (Jeff d'Arcy) writes: >> The fact is that Dan would hardly be the first >> person to make such an offer without having the goods to back it up. > >As Steve Bellovin, Gene Spafford, Tom Christiansen, various BSD folks >including Marc Teitelbaum and Keith Bostic, CERT, and a couple of other >people can attest, I *do* have the goods: That's a very nice piece of name-dropping there, but the fact remains that we mere mortals have no evidence of your claims. I have no reason to think this program will work on either of the systems I've worked on and, since I can't get a copy of the program without major headaches (despite the fact that I'm a professional kernel developer in as good a position as anyone to fix the bugs on both platforms), I just won't bother. Maybe I would if I had time, but I'm plenty busy without having to take any Bernstein bullshit. >That's the fact, Jeff. I again invite you and everyone else to stop >spouting the same tired old rhetoric and start paying attention to this >case on its own merits. Its own what? I see this as just another plea for attention by the net's most infamous glory-hound. The real hackers already know about this bug, and many others that I'm sure neither you nor I have figured out yet. I've seen several generations of pty-related security problems before you came along, and there will undoubtedly be more after your current crusade is only a memory. All your crowing about your intellectual and moral superiority won't get you the respect you so obviously crave. Your "amazing discoveries" are pretty mundane to those of us who make a living at this stuff. >I don't expect to post further articles in this thread I wish I could believe you. -- Jeff d'Arcy, Generic MTS, Sequoia Systems Inc. Time flies like an arrow; fruit flies like a banana