Path: utzoo!utgpu!bnr-vpa!bnr-fos!bnr-public!hwt
From: hwt@bnr-public.uucp (Henry Troup)
Newsgroups: comp.unix.wizards
Subject: Re: Internet Virus: SunOS patches
Message-ID: <176@bnr-fos.UUCP>
Date: 10 Nov 88 18:15:01 GMT
References: <76493@sun.uucp> <3596@phri.UUCP>
Sender: news@bnr-fos.UUCP
Reply-To: hwt@bnr-public.UUCP (Henry Troup)
Organization: Bell-Northern Research, Ottawa, Canada
Lines: 16

The recent experience brings one thing to mind - without source,
or extensive testing of `undocumented features', it's d_mn hard
to know if your system is secure.  And, as someone pointed out, you
really need more than that - either recompile everything, or determine
somehow what options were passed to make.
 
In a previous incarnation, I was an IBM VM/CMS system programmer (not
employed by IBM).  I left that jobs when we started getting object-code
only distribution from IBM.  We couldn't tell what fixes were applied-
IBM couldn't even tell.  And the product in question was new and very 
unstable.  
 

Henry Troup		utgpu!bnr-vpa!bnr-fos!hwt%bnr-public | BNR is not 
Bell-Northern Reseach   hwt@bnr (BITNET/NETNORTH) 	     | responsible for 
Ottawa, Canada		(613) 765-2337 (Voice)		     | my opinions