Security on the 3B1

[Kris A. Kugel]

In article <200 at hico2.UUCP>, kak at hico2.UUCP (Kris A. Kugel) writes:
> Now, I can:
> 1. post the results of the security audit to the world
>    (possibly creating awareness of the holes to those
>     we would rather stay ignorant, and before the holes can be fixed)

	So far, I've only gotten one objection to this suggestion.
	If anybody is nervous about this, I'd like to point out
	that this program isn't reporting the subtle holes,
	rather it finds more blatant holes on the one hand,
	and gives suggestions for possible holes on the other.
	(like reporting all suid and sgid files)

> 2. post the security auditing program (probably violating copyright)

	If somebody comes up with a contact point for the authors,
	I'll post it if they say ok.  This was a popular suggestion,
	but I've decided I'll give the authors the same consideration
	that I'd want.  I won't have time to track them down immediately.

> 3. mail the results to anybody who requests them
>   (assumes some kinda tracking of who gets it is better than nothing,
>    not all that much safer, and a pain in the butt for me)

	I won't have time for this.
> 

Sorry for the delays in responding, I will send approprite mail, etc.
when I get back from out-of-town after this weekend.

                                Kris A. Kugel
                               (201) 842-2707
        {uunet,att,rutgers}!westmark            <--daily
 {ssbn,zorch,zinn,ditka,daver,attdso}           <--semi-daily
 	                    {wldrdg}!hico2!kak <--maybe
 	                  {stc-auts}           <--seems dead for 9600

P.S. to s5000!gh - the last mail I sent to your machine
(on a different subject) got bounced.
	-Kris