Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!lll-winken!uunet!cbmvax!grr
From: grr@cbmvax.UUCP (George Robbins)
Newsgroups: comp.unix.ultrix
Subject: Re: Does 3.1 fix security prob. in 3.0?
Keywords: chfn chsh domainname
Message-ID: <7704@cbmvax.UUCP>
Date: 19 Aug 89 06:45:20 GMT
References: <940@dinorah.wustl.edu>
Reply-To: grr@cbmvax.UUCP (George Robbins)
Organization: Commodore Technology, West Chester, PA
Lines: 22

In article <940@dinorah.wustl.edu> art@dinorah.wustl.edu (Arthur B. Smith) writes:
> 
> Several months ago, when Ultrix 3.0 was the latest greatest thing, DEC
> sent out a "Mandatory Workaround" to avoid problems from chfn, chsh
> and domainname.  Now we have Ultrix 3.1 (which replaced chfn and chsh,
> but not domainname).
...
> Does anyone out there in Netland know
> whether Ultrix 3.1 fixed any or all of these problems?  

My understanding is that the known class of bugs represented by chfn/chsh
did get fixed.  I'm not familar with the domainname varient.  The sendmail/
debug thing wasn't a problem with Ultrix, since debug was disabled...

I've never recieved any of the "security notes" from DEC, though I am the
one who ends up with all the tapes and non-billing paperwork.  I wonder who
DEC thinks is supposed to be receiving these at my site?

-- 
George Robbins - now working for,	uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing	arpa: cbmvax!grr@uunet.uu.net
Commodore, Engineering Department	fone: 215-431-9255 (only by moonlite)