Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!watmath!clyde!burl!ulysses!ucbvax!info-vax
From: sasaki@HARVARD.HARVARD.EDU (Marty Sasaki)
Newsgroups: mod.computers.vax
Subject: Security issues
Message-ID: <8511122254.AA09933@ucbvax.berkeley.edu>
Date: Tue, 12-Nov-85 17:56:13 EST
Article-I.D.: ucbvax.8511122254.AA09933
Posted: Tue Nov 12 17:56:13 1985
Date-Received: Sat, 16-Nov-85 20:50:39 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 28
Approved: info-vax@sri-kl.arpa

Creating a sub-list is going to be a hassle. Someone will be stuck with verifying that a person who sends a request is a bona-fide system manager. I don't read this list from a VMS system, but from a UNIX system, which means that it will be difficult to verify via electronic means that I am a system manager.

There is also the problem that many sites (probably most sites) don't read this mailing list. An article published that showed a security hole, even with a fix might never make it to a site. Could the poster of the article be sued if someone penetrated a system and did real harm as a result of an article?

Another problem is that there will always be a time lag between when the article is posted and when I finally get around to installing it. Let's suppose that a bunch of interesting security type stuff is discussed at the upcoming DECUS Symposium and an article is posted (with fixes). It happens that I am taking two weeks of vacation after the Symposium. That means that at least two weeks will pass before the news gets out and I get a chance to read it.

I remember when I was managing an RSX-11D system. A brand new terminal driver was part of the release (version 6.2 I think). It was posted in the RSX campground that typing the three character sequence control-c, tab, and rubout would crash the system. Before I could get home that evening (the DECUS was held in Boston, about 5 miles from where I worked) someone had crashed the system.

Marty Sasaki