Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!lll-winken!uunet!cbmvax!grr From: grr@cbmvax.UUCP (George Robbins) Newsgroups: comp.unix.ultrix Subject: Re: Does 3.1 fix security prob. in 3.0? Keywords: chfn chsh domainname Message-ID: <7704@cbmvax.UUCP> Date: 19 Aug 89 06:45:20 GMT References: <940@dinorah.wustl.edu> Reply-To: grr@cbmvax.UUCP (George Robbins) Organization: Commodore Technology, West Chester, PA Lines: 22 In article <940@dinorah.wustl.edu> art@dinorah.wustl.edu (Arthur B. Smith) writes: > > Several months ago, when Ultrix 3.0 was the latest greatest thing, DEC > sent out a "Mandatory Workaround" to avoid problems from chfn, chsh > and domainname. Now we have Ultrix 3.1 (which replaced chfn and chsh, > but not domainname). ... > Does anyone out there in Netland know > whether Ultrix 3.1 fixed any or all of these problems? My understanding is that the known class of bugs represented by chfn/chsh did get fixed. I'm not familar with the domainname varient. The sendmail/ debug thing wasn't a problem with Ultrix, since debug was disabled... I've never recieved any of the "security notes" from DEC, though I am the one who ends up with all the tapes and non-billing paperwork. I wonder who DEC thinks is supposed to be receiving these at my site? -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)