Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!fernwood!portal!cup.portal.com!ts From: ts@cup.portal.com (Tim W Smith) Newsgroups: comp.org.eff.talk Subject: Re: Software vendor liability/culpability Message-ID: <43140@cup.portal.com> Date: 10 Jun 91 11:53:03 GMT References: <1991May31.073704.4847@elroy.jpl.nasa.gov> <1991Jun05.183044.29147@ddsw1.MCS.COM> <43086@cup.portal.com> <1991Jun9.143317.25764@Think.COM> Organization: The Portal System (TM) Lines: 32 >>2) Could the vendor of the network software that unprotected the /dev >>node argue that on a system with properly designed security, such a lack >>of protection would cause no problems > >Not likely. If the security of the system is dependent upon correct >protection on certain devices, and the network software intentionally >changes this protection, it is clearly disabling the security. The system >was reasonably secure when operated according to the instructions, but this >software violates those instructions. The original poster said something like "some BSD based systems" when talking about the /dev entry. I don't know enough about BSD networking to know if unprotecting the /dev entry would cause a problem on *all* BSD based systems. Would it? On System V (or, at least, the SCO version of System V when using the Lachman implementation of TCP/IP), I don't think that there would be a problem, because the streams driver for the network card determines what stream to send an incoming packet to based on the packet type. The TCP/IP software should already have a stream opened to the driver for all IP packets, so someone coming in later would not be able to grab these. Do any BSD systems work like this? If so, the vendor might be able to argue that a particular system that does not behave like this is at fault. (I think the network software vendor should be strung up by their tranceivers, but since I plan to go to law school in a couple years, I figure I should practice arguing for the side I don't agree with, which is why I keep trying to come up with ways for them to squirm out of liability! :-) ) Tim Smith