phil@RICE.EDU (William LeFebvre) (11/15/85)
> We had someone here at Davis simply try out the crash program > to see if it would work on 4.2. Yes, it worked. Fine, but > it also shut down a system for an hour. Nice, very nice. Three points (the third one is the juiciest): 1) The message that reported that bug included five lines worth of warning saying (among other things) "before you try it yourself, ask your System Manager." In light of that very painfully obvious warning about the consequences of the action, anyone who used that information to crash a system without the system manager's approval or knowledge is being MALICIOUS! I would string him up by his thumbs! Certainly he should not be allowed to read info-vax anymore, and I would even try to keep his account DISUSERed for as long as possible (I know, sometimes that is not politically or administratively wise). You may think I am over-reacting, but things like that really tick me off! And I don't want a potentially malicious user on my system! 2) I'm surprised it kept your system down for an hour. It causes a software bug check which should automatically reboot the system (or do you have the SYSGEN SYSREBOOT parameter turned off?). (Yes, I've tried it, but I AM the system manager, and I was the only one on the system at the time.) 3) The person that originally posted the message describing how to do this (Ralf Bayer) ISN'T EVEN ON INFO-VAX!!! He even admitted it in the message! I find it ironic that he hasn't even read the discussion that he helped generate! So, even if we do adopt a policy of not discussing certain types of security holes or crashing methods, the ONLY way to enforce that policy would be to go to a moderated list. Why? Because even if everyone on the list agreed and adhered to the policy, there would be someone who just knows of the list's existence and would send in a message saying: "Hey wow! See this neat way to crash the system? You do this and this and this and then BOOM! Anyone know how to fix it? Send to me directly as I'm not on this list." Maybe it's all a communist plot to undermine the computing resources of the U.S...... :-) William LeFebvre Department of Computer Science Rice University <phil@Rice.arpa> or, for the daring: <phil@Rice.edu>