Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!uwm.edu!psuvax1!rutgers!cmcl2!adm!news From: protin@pica.army.mil (Arthur W. Protin Jr.) Newsgroups: comp.unix.wizards Subject: Re: BSD tty security Message-ID: <26899@adm.brl.mil> Date: 14 May 91 23:09:21 GMT Sender: news@adm.brl.mil Lines: 59 Folks, I cc'ed this mail-list with my response to Greg Lindahl because I thought that the response was applicable to more than just his rantings. I have two more of his messages, quoted here in full, and again I hope to answer many of you with one reply. (But I won't bother to address him specifically.) >In article <26893@adm.brl.mil> you write: >>Greg, >> I am sorry to have say this but you are wrong when you say: > > Responding to email in public? Newbie. I should have guessed from your > security-through-obscurity orientation. No, I am not a newbie. I felt that my response was directed to more than just you. "security-through-obscurity" is a poor position that regretably we sometimes find ourselves in when products lack quality, assuming that we are doing anything of any importance. Unimportant things need little or no security, important things need the best security available, and it is truely shameful when that is only "security-through-obscurity". (End of first message) > Dan provided a patch file? Funny, it doesn't seem to have gone > anywhere else than at your site. The only "patch file" I know of for this problem is not a patch file but a multi-step recipe for curing the problem. And Dan generously posted that recipe for all of us to benefit from. > Other than that, I still find your > assumption that everyone is evil to be disgusting. Must be fun when > you know enough to condemn everyone else as evil crackers despite > knowing nothing about them. I don't assume anyone is evil, let alone that every one is. I do assume that there exist evil people, but the only way of determining if some one is evil is by what they do. I do think that it is reasonable and proper to be suspicious of people who can not understand the technical aspects of this discussion but demand to be given a purely offensive weapon. Dan's secret code is only for attacking systems! I guess the shoe fits too well, or why would some of you carry on so. This goes for anyone who is offended by what I have said. I did not accuse anyone of wrong doing or bad intent. I said that there is no good reason for Dan's weapon to be released early. If anyone feels that this implicates them it is only because they know themselves too well. I stand by what I said. Judge me by my words for I will surely judge you by yours. respectfully yours, Arthur Protin Arthur Protin These are my personal views and do not reflect those of my boss or this installation.