BSD tty security

Arthur W. Protin Jr. protin at pica.army.mil
Wed May 15 03:43:52 AEST 1991


Greg,
    I am sorry to have to say this but you are wrong when you say:

>>    THE CODE THAT DAN IS WITHHOLDING IS THE CODE THAT EXPLOITS THE
>>SECURITY BUG.  It is not needed to fix the code.
>
> It is needed if you're not bright enough to figure out what the bug is.

    If you are not "bright enough to figure out what the bug is",
then you can do any of these four things:
    1) apply the fixes that Dan provided;
    2) start the flood of users requesting that their vendors
        fix the bug;
    3) ignore it all and hope it goes away;
    4) carry on like spoiled children and demand that Dan give you
        code that you are not bright enough to understand anyhow!

If you cannot figure out what the problem is from all that has already
been said, you will not fare much better with the code to exploit
the bug (unless your goal is to exploit the goal).

If you are not bright enough to figure out what the bug is by now,
what makes you think you are bright enough to find an equally good
alternative to Dan's formula?

If you cannot follow Dan's proof that his fixes close the hole,
then you really should turn this problem over to someone qualified
to deal with it and you will have to be able to trust them because
you will not be able to second guess them technically.

Understand that when Dan does publish the code he has withheld,
no one who had to wait for that code to fix the problem will be
able to fix the problem before the crackers have run through
their systems.
    Those who want the code published now want the affected systems
    violated now.

    thank you,
    Art Protin


Arthur Protin <protin at pica.army.mil>
These are my personal views and do not reflect those of my boss
or this installation.


