Re: UnixWare

der Mouse (mouse@collatz.mcrcim.mcgill.edu)
Fri, 29 Apr 1994 09:30:48 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc W. Mengel: "Re: UnixWare"
Previous message: Bruce Barnett: "Unix Trojan Horse Scanner program (Beta)"
Maybe in reply to: Carl Corey: "UnixWare"
Next in thread: Gene Spafford: "Re: UnixWare"

> This all got started because I tried to remind people that
> CERT/CIAC/NASIRC/ASSIST/Santa Claus is not why we have problems; they
> didn't put the bugs in your systems, and they aren't responsible for
> fixing them.

No, but I had thought they had advertised themselves as a worthwhile
place to report them, and my perception, and apparently that of many
other people here, is that this is not the case.

> The bugs came from your vendors, and it is up to those vendors to
> provide working fixes.

In many cases, the bugs come from the original BSD (or sometimes V7)
code, and knowing this is valuable to those who are working with a
non-vendor version derived from that same code.  But CERT never says
anything like this; all they ever seem to say is "<foo> is a security
hole.  The following vendors have patched versions available, here's
where to get them.", which is useless in helping people with other
vendor versions, or people with non-vendor versions, decide whether
they are at risk.

That's one reason I subscribed to bugtraq - in the hope of actually
finding out enough about bugs to let me determine when I'm vulnerable.
And I'm glad to say it's done that.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

Next message: Marc W. Mengel: "Re: UnixWare"
Previous message: Bruce Barnett: "Unix Trojan Horse Scanner program (Beta)"
Maybe in reply to: Carl Corey: "UnixWare"
Next in thread: Gene Spafford: "Re: UnixWare"