Path: utzoo!attcan!uunet!super!rminnich
From: rminnich@super.ORG (Ronald G Minnich)
Newsgroups: news.sysadmin
Subject: Re: who, me?
Message-ID: <1356@super.ORG>
Date: 21 Nov 88 18:55:44 GMT
References: <622@ccncsu.ColoState.EDU> <797@mailrus.cc.umich.edu> <22243@sgi.SGI.COM>
Sender: uucp@super.ORG
Reply-To: rminnich@duper.UUCP (Ronald G Minnich)
Organization: Supercomputing Research Center, Lanham, MD
Lines: 18

In article <22243@sgi.SGI.COM> vjs@rhyolite.SGI.COM (Vernon Schryver) writes:
>Absolutely. Vague but dire warnings in the netnews from Joe Sysadmin,
>Dr. Net Luminary, or even Exalted BSD Personage do not get attention at
> vendors.

Or at non-vendors either. But those explicit explanations sure got my
attention. There were some set-uid scripts floating around here, because
although i had always heard that they were a security hole, i was too
thick to figure out how. They were gone oh, say, 15 seconds after i saw
the message. I am not real good at this security stuff, but you only
have to hit me between the eyes once with a 2-by-4.

So vague but dire warnings don't always play well at the user's sites,
either. There is an infinitely deep queue of things that had to be done
last week, and it will ALWAYS be infinitely deep.

My thanks to those who are bringing these things into the open. The bad
guys already know it, so it can't hurt to tell the rest of us.

ron