Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!purdon From: purdon@athena.mit.edu (James R. Purdon III) Newsgroups: comp.admin.policy Subject: Re: Footnote to user who mailed /etc/passwd Message-ID: <1991Jun28.143520.11399@athena.mit.edu> Date: 28 Jun 91 14:35:20 GMT References: <1991Jun27.183621.14667@athena.mit.edu> Sender: news@athena.mit.edu (News system) Organization: Massachusetts Institute of Technology Lines: 44 In article bagchi@eecs.umich.edu (Ranjan Bagchi) writes: > > Michael Covington has at least once gone through the ways that >that /etc/passwd mailer was identified. They had an account which >they knew/suspected was pirated, for lack of a better word. They >searched the account, and found a copy of the message with /etc/passwd >in it. They verified the header, and had the person who mailed it. > > It's not that I agree with the punishment, I've stated >repeatedly that I think suspension is much too harsh. But blind >speculation as to what happened just discredits you. Perhaps I'm not making myself clear. I think its wrong to search accounts, read email, or log sessions without prior warning. If users are informed at the time they obtain their logins, or at login time that a policy of logging sessions / search on suspicion is in effect, then I have no problems with those sorts of actions. All it takes is the statement "All transactions are logged and may be reviewed at any time by system administration" in the motd or issue files and system administrators can search to their hearts content (though it might be nice to have such disclaimers on outging email as well). Otherwise, they are on shakey ethical ground. As for the Georgia law, my opinion is that its terribly broad and leaves too much for the authorities to define at their whim. For example, is fingerd a service? It certainly consumes cycles and impacts network bandwidth. Is authorization required for someone to connect to it? It seems to me that this is at the whim of the administrators. I can believe one could be charged with violating the law by running a finger against athena.cs.uga.edu. I don't think such laws should be used in place of policy. > > -rj >-- >Ranjan Bagchi | cd /tmp; while (1) >bagchi@eecs.umich.edu | mkdir spam; cd spam > | end -- Jim Once I was a fetus. Now I am a person, and a married person as well.