Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!ucbvax!agate!shelby!decwrl!eda!jim From: jim@eda.com (Jim Budler) Newsgroups: comp.sys.apollo Subject: Re: security hole Message-ID: <512@eda.com> Date: 14 Aug 89 17:51:45 GMT References: <44e9d7d4.c4b0@apollo.HP.COM> <511@eda.com> <641@prles2.UUCP> Organization: EDA Systems, Inc. Santa Clara, CA Lines: 44 collins@nvpna1.prl.philips.nl (Donal O Coileain) writes: >In article <511@eda.com> jim@eda.com (Jim Budler) writes: >>From Apollo? >> >> Every month, an invoice arrives. (Well, not any more 8^) >Apollo produces a patch tape every month. In the 9.7 patch tape for JUNE 89 >months before this discussion was started I read : > "Patch 184 APR DCB34 : A security hole existed in the pad_$dm_cmd > .......................... > Now if the two user_ids are not equal, the command is disallowed and > the following error status is returned: > 'operation is illegal when no display is attached'" >You cannot blame Apollo because you don't read the release notes or >understand the bugs/fixes. Wanta bet? In two years of paying Apollo for support I did not receive ONE patch tape that I didn't have to ask about myself. I can't read the release notes if I don't get them. I call in a bug and get told "fixed in the XXXX patch tape", and that is frequently months old, as you mention. It doesn't do me any good to have Apollo produce a monthly patch tape if they never inform me of it's existance. You didn't read my posting very well or you would have realized that. You even quoted my statement that the only monthly mailings I got from Apollo were bills. >Donal O Coileain. collins@apolloway.prl.philips.nl or > collins%nvpna1.prl.philips.nl@uunet.uu.nl >-- And out of the gloom a voice said, 'Smile and be happy for things could > be a lot worse'. So I smiled and was happy and behold, things got worse -- jim -- Jim Budler address = uucp: ...!{decwrl,uunet}!eda!jim domain: jim@eda.com voice = +1 408 986-9585 fax = +1 408 748-1032