Path: utzoo!utgpu!watmath!clyde!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: Predictable
Message-ID: <120@minya.UUCP>
Date: 13 Nov 88 17:38:16 GMT
References: <17464@adm.BRL.MIL>
Organization: (none)
Lines: 28

In article <17464@adm.BRL.MIL>, encore!pinocchio!bzs@talcott.harvard.edu (Barry Shein) writes:
>
> Spreading like the virus itself I am getting the following "thought
> virus" argument from some very predictable (old guard) people:
>
>     This worm is a good reason to stop the widespread acceptance
>     of Unix. (INSERT FAVORITE UPPER-CASE DYING O/S HERE) would
>     not have been infected by this problem.
>

Well, I've found it fairly easy to explain to novices why this is the
wrong conclusion. How? I explain that the bug was based on exploiting
a particular program called "sendmail" which is not part of Unix. It is
part of an email package that is not even installed on the majority of
Unix systems.

The problem is that sendmail is normally run with "super-user"
permissions, which means that Unix security is turned off while it is
running. Most people understand that it isn't quite fair to criticise
a security package's failures when it is not running.

When they ask why sendmail needs to run with security suppressed, I
just say "I don't know; its major competitor (uucp) doesn't require
suppressing Unix security, and it runs fine."

--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

[Any errors in the above are due to failures in the logic of the keyboard,
not in the fingers that did the typing.]