Xref: utzoo alt.sources.d:1822 comp.unix.wizards:25576
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!sdd.hp.com!spool.mu.edu!uwm.edu!linac!att!ucbvax!UUNET.UU.NET!kyle
From: kyle@UUNET.UU.NET
Newsgroups: alt.sources.d,comp.unix.wizards
Subject: Re: kstuff 0.18 (part 1/6)
Message-ID: <9105131716.AA17481@rodan.UU.NET>
Date: 13 May 91 17:16:19 GMT
References: <10678:May918:49:1491@kramden.acf.nyu.edu.<1991May11.200747.17465@scuzzy.in-berlin.de> <10984:May1315:52:0591@kramden.acf.nyu.edu> <13May91.095814.8736@franklin.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Lines: 21

Dan Bernstein writes:
 > To the net, then: What Bill is referring to is a message I sent him last
 > week. He posted something about how without full details of the tty
 > security holes there's no way people can fix the problem. Now I've been
 > reacting rather strongly to such statements---I *have* posted a complete
 > fix, and as my last message should make clear, people do not need break
 > code to understand why the fixes work. If there weren't a published fix
 > then people would have a perfect right to complain. But this time there
 > *is*, and I think people should take a step back and review what's
 > actually happened here before they shout further religious stupidities.

You did indeed post a fix.  But without the details, it's very
hard for admins to come up with alternate solutions that don't
impact their base of users and programs as much.  It's hard to
close a hole if you don't know what it is.  Your proposed fixes
might be complete and correct, but still not be the best for a
particular installation.

Don't take this as another flame, it's not.  I'm just pointing
out that reality often demands more than one solution to a
problem.