Path: utzoo!attcan!uunet!husc6!cmcl2!adm!xadmx!rbj@nav.icst.nbs.gov
From: rbj@nav.icst.nbs.gov (Root Boy Jim)
Newsgroups: comp.unix.wizards
Subject: Implications of recent virus (Trojan Horse) attack
Message-ID: <17519@adm.BRL.MIL>
Date: 14 Nov 88 20:54:08 GMT
Sender: news@adm.BRL.MIL
Lines: 20

Doug,
	Sometime awhile back (this spring, summer?), I remember someone's
comment regarding which sources contained the routine `gets', the routine
used to subvert fingerd. I recall you thanking the poster and stating
your intention to eradicate it from your System V emulation code.

I applaud you for your foresight, sharing your distaste for this beast.
You may very well have saved yourself from one prong of the fork.

I can imagine you crusading against gets() in both the C and POSIX
standards and I hope you have had success in that area. I would go
so far as to suggest that everyone remove this routine from libc.a
and place it in a separate library available only upon special request
for binary applications only, after filling out numerous forms.

I can see it now, a paper entitled `Local Variables Considered Harmful'.

	(Root Boy) Jim Cottrell	(301) 975-5688
	<rbj@nav.icst.nbs.gov> or <rbj@icst-cmr.arpa>
	Careful with that VAX Eugene!