henry@utzoo.uucp (Henry Spencer) (11/18/88)
In article <17088@agate.BERKELEY.EDU> weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) writes:
>Now the above is an extreme, but it illustrates a very very common attitude
>among researchers when it comes to computers: "why think?"...

Unfortunately, it's not uncommon among writers of production software, either. A certain computer company whose name starts with S has a bit of a reputation among its customers for its, uh, nonchalance about performance and resource usage. And the less said about the FSF, the better...
--
Sendmail is a bug,  | Henry Spencer at U of Toronto Zoology
not a feature.      | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
jbuck@epimass.EPI.COM (Joe Buck) (11/18/88)
In article <1988Nov17.165318.6268@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
>Unfortunately, it's not uncommon among writers of production software,
>either. A certain computer company whose name starts with S has a bit of a
>reputation among its customers for its, uh, nonchalance about performance
>and resource usage. And the less said about the FSF, the better...

Something very important should be said about FSF in this regard. The official copies of Gnu software are mode 777, deliberately, based on RMS's opposition to any notion of security. Already, someone attempting to FTP GNU software managed to destroy an important file by specifying FTP arguments in the reverse order (he apologized profusely on one of the gnu.* lists).

It would be trivial for anyone on the Internet to install a Trojan horse in GNU source code and have it installed everywhere, thereby destroying the good names of those involved in FSF. Sharing of information does not require that every file be writable by everyone who thinks he knows how to operate a computer; most data destruction I've seen is accidental. But some is deliberate, so watch out.
--
- Joe Buck jbuck@epimass.epi.com, or uunet!epimass.epi.com!jbuck,
or jbuck%epimass.epi.com@uunet.uu.net for old Arpa sites
rminnich@super.ORG (Ronald G Minnich) (11/19/88)
In article <2661@epimass.EPI.COM> jbuck@epimass.EPI.COM (Joe Buck) writes:
>Something very important should be said about FSF in this regard. The official
>copies of Gnu software are mode 777, deliberately, based on RMS's opposition
>to any notion of security. Already, someone attempting to FTP GNU software

Oh, terrific. We run that stuff, not so much cause everyone here loves it but because some people do. A 'du' shows the emacs tree is tens of mbytes, with the gc* trees coming in close behind. Where is the best place to put a virus? A compiler of course. Next best place? emacs? OK, how do you know it has not already happened? Better yet, look at the > 100 Mb X source, which I hope to hell is not so loose...

I liked the good old days better, when nobody who used unix gave a damn about this stuff. Then we wouldn't have cared ...
ron
P.S. BTW I think Henry's original comment was more about FSF software's cost (use of resources and cycles) than security ...
mike@istsists.ca (Mike Clarkson) (11/30/88)
In article <2661@epimass.EPI.COM>, jbuck@epimass.EPI.COM (Joe Buck) writes:
! Something very important should be said about FSF in this regard. The official
! copies of Gnu software are mode 777, deliberately, based on RMS's opposition
! to any notion of security. Already, someone attempting to FTP GNU software
! managed to destroy an important file by specifying FTP arguments in the
! reverse order (he apologized profusely on one of the gnu.* lists).
!
! It would be trivial for anyone on the Internet to install a Trojan horse
! in GNU source code and have it installed everywhere, thereby destroying
! the good names of those involved in FSF. Sharing of information does not
! require that every file be writable by everyone who thinks he knows how
! to operate a computer; most data destruction I've seen is accidental.
! But some is deliberate, so watch out.
!
Add to this the temptation to make movemail suid root and you have a system
with no security at all.
I have often speculated that RMS made Gnu Emacs so large to make sure
that no one would notice these two little features that lie buried in
18 Mbytes of code. An effective way of accomplishing his real aim of
removing all system security on any machine that installs his software.
Mike.
--
Mike Clarkson mike@ists.UUCP
Institute for Space and Terrestrial Science mike@ists.yorku.ca
York University, North York, Ontario, uunet!mnetor!yunexus!ists!mike
CANADA M3J 1P3 +1 (416) 736-5611
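
The two conditions raised in this thread, world-writable files in a distributed source tree and a setuid helper, can be checked mechanically before anything from an unpacked tree is built or installed. The following is an added example, not part of any post above; the function names and the sample tree (file names and modes) are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (finding, relative_path) pairs for risky modes under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # a symlink's own mode bits mean nothing
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                # A sticky world-writable directory (like /tmp) lets anyone add
                # files but not replace other users' files: report it separately.
                sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
                kind = "world-writable-sticky" if sticky else "world-writable"
                findings.append((kind, rel))
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                findings.append(("setuid", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Create a small constructed tree with the modes discussed in the thread."""
    layout = {
        "README": 0o644,                          # normal file
        os.path.join("src", "emacs.c"): 0o777,    # world-writable source file
        os.path.join("etc", "movemail"): 0o4755,  # setuid helper
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)                      # chmod ignores the umask
    os.chmod(os.path.join(root, "etc"), 0o755)
    os.chmod(os.path.join(root, "src"), 0o777)    # world-writable directory

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, rel in audit_tree(tmp):
            print(f"{kind:22} {rel}")
```

A world-writable directory is reported even when the files inside it are not, because write access to the directory is enough to replace them.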