Newsgroups: comp.unix.wizards
Path: utzoo!utgpu!jmason
From: jmason@gpu.utcs.utoronto.ca (Jamie Mason)
Subject: Re: Should Dan post full details of his tty bugs?
Message-ID: <1991May9.071058.20279@gpu.utcs.utoronto.ca>
Summary: YES, he should.
Keywords: tty bugs undergrads kernel
Organization: University of Toronto Computer Science *UNDERGRADUATE* Student
References: <26821@adm.brl.mil>
Date: Thu, 9 May 1991 07:10:58 GMT

Too much quoting... The citations are too munged to figure out who
posted what:

> I disagree. I _don't_ have sources and I _do_ have lots
> of idle undergrads lapping up this discussion and dying
> for all the damaging details to be posted. Dan is doing
> exactly the right thing for my predicament.

> You are in a fool's paradise. At least one of your undergrads is
> smart enough to figure out what to do with the hole given the
> clues already posted and to cover himself after using it.

For as konczal@sunmgr.ncsl.nist.gov (Joe Konczal) writes:

> If Dan posted full details, those who don't have the source to their
> operating systems would still be unable to close the loopholes, but
> many other undergrads, who are not smart enough or motivated enough to
> figure it out on their own, would now know how to abuse these
> loopholes.

First of all, security through obscurity isn't. There is never a good
reason to hoard information. But that's been said about 5 times in this
thread already. My main point is below:

From the above three citations I would be led to believe that
undergraduate students are some kind of strange animal, suitable for a
zoo. I can speak for myself and my peers, while the zoo part may be true
on, say, Saturday night, :-) we are not vicious animals, we don't bite.
Really.

You know, it seems that inciting such an atmosphere that students and
administrators are enemies is a *bad thing*. If you treat students like
untrustworthy scum, they'll treat you like a totalitarian dictator. It's
not good for either party. It makes life much more difficult for
administration, and much less fun for students.

If I figured out the bug, I would probably do it once, just to see that
it works, issuing such damaging commands as 'whoami' or 'id' as root to
see that it worked. Then I would show the problem to the system
administrator. You see, we don't have a large reservoir of MALICE, we
have a large reservoir of CURIOSITY. That is the way it is supposed to
be in a learning environment, right?

A few months ago, I found that the system was leaving world readable
VMCOREs (i.e. dumps of system memory at crash time). I thought it might
be fun to read other people's process memory at crash time. After
pondering the ethics (curiosity vs privacy) for about an hour, I came to
the conclusion that no matter how much fun it would be, that data was
NOT MINE TO READ, so I did not read it. Rather, I wrote a message to the
system administrator about the problem.

Did it ever occur that some of these "idle undergrads" could actually
*SOLVE* your problem for you? Armed with the details of the bugs,
someone could first check if they exist, (OH MY GOD! EXPLOIT THEM! RUIN
THE SYSTEM!!! Take a valium.) and then perhaps even *FIX* them for you,
given read access to the appropriate source code. I am sure that there
is at least ONE student at each site capable enough at kernel hacking to
fix the tty bugs.

Come on people, we want to all use the computer in harmony, right?
Let's nurture an atmosphere of friendship and respect, not enmity and
fear.

Jamie ... Segmentation fault (core dumped)
Written On Thursday, May 9, 1991 at 03:09:58am EDT