Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!udel!haven.umd.edu!uvaarpa!murdoch!astsun9.astro.Virginia.EDU!gl8f
From: gl8f@astsun9.astro.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.org.eff.talk
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1991Jun21.000442.16672@murdoch.acc.Virginia.EDU>
Date: 21 Jun 91 00:04:42 GMT
References: <1991Jun18.165528.19569@athena.cs.uga.edu> <ABRAMS.91Jun18172843@division.cs.columbia.edu> <8589@awdprime.UUCP>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
Lines: 24

In article <8589@awdprime.UUCP> mbrown@testsys.austin.ibm.com (Mark Brown) writes:

>Why shouldn't the student be forced to get permission *first*, before 
>trying to compromise a system others use?

The question was about running COPS. You can run COPS without
compromising anything -- it tests for security holes, it doesn't break
in and delete files.

I see no reason why I, Joe Average User with no interest in breaking
in, but a big interest in protecting my confidential files, should
have to plead with the admin to run COPS. I just run it.

>>  o  Why are some sysadmins slow to close obvious security holes?
>
>What is *obvious*? To whom?

Well, we've heard examples of admins who apparently leave holes open
that can be detected by COPS. To *me*, that's pretty obvious.

>Why are some users eager to abuse security holes?

Beats me. I'm not one of them. And not letting me run COPS is not a
way to stop abuse.