Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Internet Virus: SunOS patches
Message-ID: <447@auspex.UUCP>
Date: 12 Nov 88 21:37:45 GMT
References: <76493@sun.uucp> <580@micropen> <426@auspex.UUCP> <663@hscfvax.harvard.edu>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 15

>> You can argue, probably justifiably, that they [Sun] should either have turned
>> DEBUG off when building it, or at least made debug mode not have the
>> side-effect of allowing addresses other than user names in RCPT lines,
>> but you can also argue that Berkeley should have done that as well.... 
>
>  I have not seen Berkeley advertising the suitability of their work for end-
>  user or commercial applications.  Sun's does daily.

This hardly argues that it was OK for Berkeley to consciously leave that
trap door in without warning people about it.  (It also doesn't argue
that Sun should, but then I wasn't arguing that it *was* OK for Sun to
do this.  I was just pointing out that Sun didn't consciously make the
software *less* secure than it was as it came from Berkeley; the
original poster was asserting that Sun and Mt. Xinu had done precisely
that, which was simply not true.)