Path: utzoo!attcan!uunet!convex!killer!ames!sgi!vjs@rhyolite.SGI.COM
From: vjs@rhyolite.SGI.COM (Vernon Schryver)
Newsgroups: news.sysadmin
Subject: Re: who, me?
Summary: be explicit
Message-ID: <22243@sgi.SGI.COM>
Date: 18 Nov 88 23:34:59 GMT
References: <622@ccncsu.ColoState.EDU> <797@mailrus.cc.umich.edu>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 27

In article <797@mailrus.cc.umich.edu>, honey@mailrus.cc.umich.edu (peter honeyman) writes:
> > steved@longs.lance.colostate.edu objects to exposing the TIOCSTI bug to
> > unfriendly eyes, expressing a concern that "a few more clues and a
> > little imagination will yield potential disaster."
>
> this is one school of thought, and we saw the result of this attempt at
> hush-it-up-don't-say-a-word computer security. in particular, broken
> systems running sendmail learned the hard way that this policy has its
> down side.

> there is another school of thought on this -- tell everyone you can
> as fast as you can. that's my alma mater.

Absolutely. Vague but dire warnings in the netnews from Joe Sysadmin,
Dr. Net Luminary, or even Exalted BSD Personage do not get attention at
vendors. There are always enough explicit bug reports to go around. If you
want yours fixed, it better not be too hard to figure out what you're
talking about.

> it was in the spirit of glasnost that i posted a working program that
> exploits the setpgrp bug.

Sorry, but I must have missed that one. Could you repost it or mail it to me?

Vernon Schryver
Silicon Graphics
vjs@sgi.com