jeffrey%cmc.cdn%ubc.CSNET@CSNET-RELAY.ARPA (Craig Jeffrey) (11/13/85)
Date: 13 Nov 85 1322 GMT
From: Craig Jeffrey <jeffrey@cmc.cdn>
To: goldstein%galaxy.DEC@decwrl.DEC.com
In-Reply-To: <8511121745.AA08383@decwrl.DEC.COM>
Message-ID: <532:jeffrey@cmc.cdn>
Subject: Publishing Security Holes on INFO-VAX
As a system manager who needs a secure system, I welcome any discussions
about security issuses in INFO-VAX. DEC approach to security is
is somewhat simplistic (we use third party security mechanisms) and I
would much rather see DEC respond intelligently to security holes than
attempt to "gag" them by making pious statements about what's good for DEC
is good for the general computing community.
Craig Jeffrey
///////////// Canadian Microelectronics Corportion
Carruthers Hall
Kingston, Ontario Canadaeugene@AMES-NAS.ARPA (Eugene Miya) (11/14/85)
If Mr. Goldstein is the person who wrote the recent VAX security
guide from DEC, I am impressed. I am surprised that no one from
the Unix community has responded to this. This issue came up in the
Unix community about 2 years ago. What was created was a mailing
list based on interested parties who could show that they had
some business doing security work (at least to a low-level) like
mailing from the "root" account. The equivalent thing might be to
issue the mail from SYSTEM. This offers a first cut, and nothing more.
I did not join the above mailing list as research in security is
not my interest, but I offer it as a helpful suggestion for future
security discussions. Perhaps, Mr. Goldstein can act as keeper
of such a security discussion list.
"I would never join a group that would have me for a member."
Woody Allen and many others.
--eugene miya
NASA Ames Research Center
eugene@ames-nas
{hao,ihnp4,nsc,dual,menlo70,hplabs}!ames!eugene
UUCP