Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!yetti!geac!daveb
From: daveb@geac.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: suid schell scripts - security hole
Message-ID: <1672@geac.UUCP>
Date: Fri, 23-Oct-87 10:32:14 EST
Article-I.D.: geac.1672
Posted: Fri Oct 23 10:32:14 1987
Date-Received: Sun, 25-Oct-87 10:45:11 EST
References: <9839@brl-adm.ARPA> <21343@ucbvax.BERKELEY.EDU>
Reply-To: daveb@geac.UUCP (Dave Collier-Brown)
Organization: The little blue rock next to that twinkly star.
Lines: 16

In article <21343@ucbvax.BERKELEY.EDU> bostic@ucbvax.BERKELEY.EDU (Keith Bostic) writes:
>The rules should be that you document the existence of the hole, and you
>document any fixes that are applicable.  Just *never* post how to use the
>hole.  (And you try to disguise the fix.)

There is also a security mailgroup which your system administrator
can join, at hao!isis!sec-request.  Well, probably can join... I'm
still waiting ((:-)).

--dave

-- 
 David Collier-Brown.                 {mnetor|yetti|utgpu}!geac!daveb
 Geac Computers International Inc.,   |  Computer Science loses its
 350 Steelcase Road,Markham, Ontario, |  memory (if not its mind)
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.