Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

nicklessmcs.anl.gov

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bruce Barnett: "when did "tmpmail" first show up?"
• Previous message: Peter Wemm: "Re: pt_chmod"
• Maybe in reply to: [8LGM] Security Team: "[8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• Next in thread: Pete Hartman: "Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"

At 01:02 PM 12/3/94 -0500, Bob Manson wrote:

>I have a basic problem with partial disclosure: who decides who is
>"eleeet" enough to receive the full disclosure? If you're not in the
>"in crowd", you lose. And that's fine with me, ultimately--if 8lgm
>decides they don't want to do full disclosure, that's up to them. But
>that doesn't mean the rest of us can't and won't disclose everything
>that we know in a free environment.

This rings true to me.  Take the bug that bit IBM a couple of months ago
regarding the interaction between logind and login.  Many people at our site
beat on IBM because of such a wide hole that had been fixed in other systems
long before.  But they had no answer when I asked "so if you worked at IBM,
who could you ask to get a list of known security holes in BSD or whatever
so that you could make sure your operating system has fixed them?"
--
Bill Nickless          nicklessmcs.anl.gov          +1 708 252 7390
              http://www.mcs.anl.gov/people/nickless

• Next message: Bruce Barnett: "when did "tmpmail" first show up?"
• Previous message: Peter Wemm: "Re: pt_chmod"
• Maybe in reply to: [8LGM] Security Team: "[8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• Next in thread: Pete Hartman: "Re: Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"