Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!wuarchive!udel!princeton!njsmu!telesci!frnkmth!bill
From: bill@franklin.com (bill)
Newsgroups: comp.unix.wizards
Subject: Re: Should Dan post full details of his tty bugs?
Message-ID: <14May91.044600.356@franklin.com>
Date: 14 May 91 04:46:00 GMT
References: <26821@adm.brl.mil> <1991May13.092359.24793@thunder.mcrcim.mcgill.edu>
Organization: Franklin Electronic Publishers
Lines: 32

: In article <26821@adm.brl.mil>, konczal@sunmgr.ncsl.nist.gov (Joe Konczal) writes:
: > If Dan posted full details, those who don't have the source to their
: > operating systems would still be unable to close the loopholes, but

This is simply not true. There are any number of potential solutions to this kind of problem, ranging from kernel binary hacks, to redistributing access to various machines, to buying the source code, to network and kernel monitoring, to harassing one's vendor, to guards in the terminal room, to kicking off the system anyone who might abuse it, etc.

The thing some seem to forget is this: ignorance prevents an informed response. As it stands right now, any person with even a little programming skill and some time on their hands could exploit the hints provided in this newsgroup; however, the typical system administrator, not even knowing the extent of the problem, is going to say, rightly, that he's got enough *known* problems to deal with, without wasting time on what may be totally irrelevant to his system. (Someone is likely to say that the extent of the problem has been explained. Nonsense. For something as ramified as this, the explanations posted here have been woefully inadequate.)

The effect is that most system administrators will do nothing about things, because they *can't*, and most sites that have irresponsible users who become aware of the possibility of exploiting this hole are going to get the shaft.

If provided with the precise details of the problem, those same irresponsible users will still do their thing, but the system administrators will be in a position where they can at least attempt to prevent any significant abuse from happening, or can detect a use of this hole and clean up afterwards.