Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!hsdndev!think.com!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!aplcomm!uunet!mcsun!ukc!vision!chris
From: chris@visionware.co.uk (Chris Davies)
Newsgroups: comp.admin.policy
Subject: Re: SUSPEND SYSOPS, NOT STUDENTS
Message-ID: <1991Jun17.161111.9770@visionware.co.uk>
Date: 17 Jun 91 16:11:11 GMT
References: <20740@slice.ooc.uva.nl>
Organization: VisionWare Ltd., Leeds, UK
Lines: 16

In article <20740@slice.ooc.uva.nl> ropg@ooc.uva.nl (Rop Gonggrijp) writes:
>If a password-guesser without a stadium full of supercomputers finds the root
>password, something is very wrong with system security, and any user on the
>system could become root. If however the system-operator runs something like
>COPS every once in a while there is no problem, even if the password-file is
>put on misc.misc, distribution world.

So I shouldn't let people even compile C programs (or use perl?) on
certain UNIX boxes, because of the bug(s) which allow Jane Public to
become root with a one-line program?

Chris
-- 
         VISIONWARE LTD, 57 Cardigan Lane, LEEDS LS4 2LE, England
    Tel +44 532 788858.  Fax +44 532 304676.  Email chris@visionware.co.uk
-------------- "VisionWare:   The home of DOS/UNIX/X integration" -------------