edhall%rand-unix@sri-unix.UUCP (06/18/83)
I'd certainly fix any bug that came my way just as fast as I could. And I've fixed possible security problems reported here before. But I think we should realize that system administrators with access to UNIX-WIZARDS are a minority. Not everyone is blessed with access to one of the nets... But some `bad guys' are. There really isn't an easy solution. If BTL were to send bug fixes to licensees periodically (for an appropriate fee) it might help. But the probability of that is exactly zero; besides, they don't have a monopoly on wizards (as this list attests), and could easily miss something. I'm happy to see serious discussion of the issue.
-Ed
steve%brl-bmd@sri-unix.UUCP (06/18/83)
From: Stephen Wolff <steve@brl-bmd>
It's a cop-out - but there's always a Mailing List. That's `Mail' as in U.S. as in Snail-mail, usw. If it were ONLY a matter of "sending out bug fixes" (I suspect it's not), one might have Annunciation - as it were - via netmail, followed by a mass posting. It would likely be ->slightly<- faster than waiting 'til the next wizards meeting.
Your Basic Concerned but Non-Wizard System Administrator,
-s
gwyn%brl-vld@sri-unix.UUCP (06/18/83)
From: Doug Gwyn (VLD/VMB) <gwyn@brl-vld>
Bell DOES send bug fixes to licensees for an appropriate fee. It is true that they don't have a monopoly on wizards, however.
SJOBRG.ANDY%MIT-OZ%mit-mc@sri-unix.UUCP (06/24/83)
A few comments... On a number of network hosts, the mail is completely insecure, as are the operating systems (NOTHING is secure!). How do you propose keeping mail sent to these sites secure? Then of course, there is the problem of people getting at the mailer queues or watching all the imp traffic... Of course, once you get to usenet, then there are the >>public<< uucp queues. Don't worry about security holes that are described here. They can (usually -- I haven't seen any that can't) be easily fixed, and >any< responsible system administrator will fix them immediately. (Of course, there are those unix systems that aren't on any nets...) All in all, don't bother with being as paranoid as alt@aids-unix suggests (didn't you used to be alt@utexas-11 ??) - the evil ones will always exist, and they will usually be more clever than everyone else. (Sorry if this isn't comprehensible - it's late, and I'm running low on caffeine...)
-andy
alt%aids-unix@sri-unix.UUCP (06/24/83)
From: Howard Alt <alt@aids-unix>
I am just trying to promote discussion on "How to keep a limited distribution mailing list that everyone wants to read, limited." A serious problem. I was talking the idea over with a friend of mine, and he recommended the "Only people that *I* know are going to be allowed". The problem with this approach is that the list will be too limited to be of very much use.
Howard.
PS yes, I used to be alt@utexas-11... now, I am in the "real" world.
greep%su-dsn@sri-unix.UUCP (06/25/83)
If you're worried mainly about outside people getting into the system, as opposed to people who have legitimate accounts but want to login as someone else, then a simple solution is to require a site password in addition to the user's own password; that is, both have to be entered (e.g. the site password followed by a slash followed by the regular password). One net site actually used to do this for dialins and ptys. The only problem is notifying all the users when the site password changes.
- greep
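The site-password scheme greep describes, sketched as an added example that is not part of the original thread or any site's actual login code. The function names, the sample passwords, and the idea of accepting the previous site password during a changeover (one way to soften the notification problem) are assumptions made here.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def make_record(secret: str):
    """Store a (salt, digest) pair instead of the password itself."""
    salt = os.urandom(16)
    return salt, _hash(secret, salt)

def _matches(secret: str, record) -> bool:
    salt, digest = record
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(_hash(secret, salt), digest)

def check_login(entered: str, site_records, user_record) -> bool:
    """Verify input of the form 'sitepassword/userpassword'.

    site_records lists every site password currently accepted: the current
    one and, as an assumption of this sketch, the previous one while users
    are still being told about a change.
    """
    # Split on the FIRST slash only: the site password must not contain
    # a slash, but the user's own password may.
    site, sep, user_pw = entered.partition("/")
    # Always evaluate both halves, so a rejection takes the same work and
    # gives the same answer whichever half was wrong.
    site_ok = False
    for record in site_records:
        site_ok |= _matches(site, record)
    user_ok = _matches(user_pw, user_record)
    return bool(sep) and site_ok and user_ok

# Constructed sample data, for illustration only.
SITE_NOW = make_record("harbor")
SITE_OLD = make_record("anchor")
USER = make_record("pa/ss")

if __name__ == "__main__":
    print(check_login("harbor/pa/ss", [SITE_NOW], USER))            # current site password
    print(check_login("anchor/pa/ss", [SITE_NOW], USER))            # old one, after changeover
    print(check_login("anchor/pa/ss", [SITE_NOW, SITE_OLD], USER))  # old one, during changeover
```

The caller should report a single generic failure whatever `check_login` rejected, otherwise an outsider can confirm the site password separately from any user's password.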