Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ames!ucbcad!ucbvax!uta.EDU!STEWART_SYS
From: STEWART_SYS@uta.EDU.UUCP
Newsgroups: comp.os.vms
Subject: Security patch.
Message-ID: <8706131415.AA09544@ucbvax.Berkeley.EDU>
Date: Thu, 11-Jun-87 10:45:00 EDT
Article-I.D.: ucbvax.8706131415.AA09544
Posted: Thu Jun 11 10:45:00 1987
Date-Received: Sat, 13-Jun-87 23:43:55 EDT
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 26

Well, I for one received my Mandatory Update from DEC with the much talked about security patch. It is accompanied with a single sheet explaining briefly how to install it. It being the mandatory update, which, as the sheet says, failure to install may compromise the integrity of your system. It certainly doesn't mention what it's patching and why - just install it and wait for the tape to self destruct.

For those that have not yet received it or installed it, be warned that once it finishes its patches, it reboots your system RIGHT NOW. There is no prompt for 'minutes to shutdown' or anything. This sort of took me by surprise.

As for the patch being sent over the net, I agree with the gent who cautioned that anyone in between the path could have tampered with it. It seems that if it's security you're concerned with, then you're better off waiting for the update from DEC. Although I've heard a lot about this security hole, I've not seen one message from anyone who has been victimized by it. It is supposedly an obscure problem that requires some hacking to get to. Now with the patch published, potential hackers have been given a very good clue as to where to dig.

The other item of concern is installing this and rebooting a production machine. You don't have to reboot the machine for it to take effect.
DEC does this to insure that the secureshr image is properly re-installed, but a competent system manager should know (or be able to read up on) how to re-install the image - no reboot necessary.