Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!snorkelwacker.mit.edu!hsdndev!cmcl2!adm!news From: konczal@sunmgr.ncsl.nist.gov (Joe Konczal) Newsgroups: comp.unix.wizards Subject: Should Dan post full details of his tty bugs? Message-ID: <26821@adm.brl.mil> Date: 8 May 91 16:49:43 GMT Sender: news@adm.brl.mil Lines: 38 From: bill Date: 4 May 91 20:14:46 GMT In article <1991May3.183159.23747@maths.tcd.ie> chogan@maths.tcd.ie (Christine Hogan) writes: : In <4601@skye.ed.ac.uk> richard@aiai.ed.ac.uk (Richard Tobin) writes: : >For this reason I believe it would be best for Dan to post full details : >of the various loopholes. : I disagree. I _don't_ have sources and I _do_ have lots ====================== ====================== ====================== : of idle undergrads lapping up this discussion and dying : for all the damaging details to be posted. Dan is doing : exactly the right thing for my predicament. You are in a fool's paradise. At least one of your undergrads is smart enough to figure out what to do with the hole given the clues already posted and to cover himself after using it. For as long as you remain ignorant of the details, you are prevented from taking preventative action. If Dan posted full details, those who don't have the source to their operating systems would still be unable to close the loopholes, but many other undergrads, who are not smart enough or motivated enough to figure it out on their own, would now know how to abuse these loopholes. If you really need to know the details of the loopholes Dan is talking about why don't you try to convince him to send them to you, instead of writing yet another naive, "doesn't every SA have the OS source, and the time and ability to fix it immediately?", message to the network. -- Joe Konczal konczal@ncsl.nist.gov