[comp.os.vms] Posting the Security Patch.

TWADE@CSVAX.UCD.HEA.IRL.UUCP (06/08/87)

I must heartily disagree with the notion that those of us not on software
support are "not entitled" to receive this patch. When d i g i t a l
sold us VMS they billed it as a secure (C2) operating system, and we
bought it as such. No-one expects d i g i t a l to give free help, but
when they make a screw-up of these proportions, then I expect them to put
it right for ANYONE who has bought their OS in spite of the usual the-supplier-
of-this-product-takes-absolutely-no-responsibility-whatsoever disclaimer
that has unfortunately become the industry standard.   If I wanted an
insecure operating system I would have gone for UNIX !  (By the way, thanks
Ed).
-------------------------------------------------------------------------
Tom Wade                        Bitnet:         twade@csvax.ucd.hea.irl
Systems Programmer              Ean:            twade@csvax.ucd.irl
Dept Computer Science           PSI:            PSI%27243154000721::TWADE
University College Dublin       Telex:          (0500) 91196 UCD EI
Ireland.                        Voice:          +353-1-693244 Ext 2472
-------------------------------------------------------------------------

"There is always a consoling thought in times of trouble -- when it is
somebody else's trouble!"

SYSTEM@CRNLNS.BITNET (06/08/87)

Tom,

I don't know about you, but if I were managing a VAX that was supposed
to be C2 secure, there is NO WAY I would install any patch that came in
over the net, particularly one that modifies SECURESHR.EXE!

You are trusting that the patch you received is the one that Ed
posted, and you are trusting that the patch that was posted was
the one that Ed received from DEC.

While the probability is high that the patch that you received did
indeed come from Ed, and the probability is high that it is the same one
that he received from DEC, would you bet your job on it?

Unfortunately, it is easy to fake the source of a mail message and
only slightly more difficult to modify messages passing through your
system.

Selden E. Ball, Jr.
(Wilson Lab's network and system manager)

Cornell University                 NYNEX: +1-607-255-0688
Laboratory of Nuclear Studies     BITNET: SYSTEM@CRNLNS
Wilson Synchrotron Lab              ARPA: SYSTEM%CRNLNS.BITNET@WISCVM.WISC.EDU
Judd Falls & Dryden Road          PHYSnet/HEPnet/SPAN:
Ithaca, NY, USA  14853             LNS61::SYSTEM = 44283::SYSTEM (node 43.251)

p.s. Thanks, Ed!