Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!watmath!clyde!cbosgd!ucbvax!nyu-cmcl1.arpa!TIHOR
From: TIHOR@NYU-CMCL1.ARPA (Stephen Tihor)
Newsgroups: mod.computers.vax
Subject: Security issues
Message-ID: <316648859.0345002E;1985@CMCL1.NYU.ARPA>
Date: Tue, 12-Nov-85 17:18:00 EST
Article-I.D.: CMCL1.316648859.0345002E;1985
Posted: Tue Nov 12 17:18:00 1985
Date-Received: Thu, 14-Nov-85 07:48:16 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 23
Approved: info-vax@ucbvax.berkeley.edu

No matter how we organize the secure INFO-VAX list it will contain people
who, in a perfect world, should never be allowed with reach of computer.
The Unix wizards security list contains two system crackers that I have had
problems with in the last few years.  Therefore you must assume that the enemy
(self proclaimed) is listening.

Certainly if you are going to publish anything on the list that can crash or
crack open a system you should have SPR-ed it to DEC and there should be some
solid reason to publish it...if its a Security problem I would rather let
ignorance be DEC's ally until the next minor release gets out but if you
do publish it here please include a workaround.  For example I am now going to
have to go and set ACL's on a bunch of logical name tables since someone
has already done this I would personally prefer if they just included
the code to handle the standard tables at the end of their message.

I regret that DEC does not provide a service whereby we can get such
patches by an at least semi-secure E-Mail channel.

 \\   Stephen Tihor / CIMS / NYU / 251 Mercer Street  / New York, NY 10012  //
((  DEC Enet: RHEA::DECWRL::"""TIHOR@NYU-CMCL1.ARPA"""  NYUnet: TIHOR.CMCL1  ))
 // ARPAnet: Tihor@NYU-CMCL1   UUCPnet address: ...!ihnp4!cmcl2!cmcl1!tihor \\

-------