Path: utzoo!utgpu!watmath!att!ucbvax!CAEN.ENGIN.UMICH.EDU!frank
From: frank@CAEN.ENGIN.UMICH.EDU (Randy Frank)
Newsgroups: comp.sys.apollo
Subject: Re: security bug
Message-ID: <44edb1250.001b7ec@caen.engin.umich.edu>
Date: 9 Aug 89 16:32:20 GMT
References: <109@tugiaik.UUCP>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 19

I have mixed feeling about the publishing of security holes; it certainly can
make life difficult for those with vulnerable systems until patches are found.

However, it also causes patches to be found a lot faster!

In the case of Apollo we have regularly complained that way too much Apollo
security is "security through obscurity" as opposed to enforced security in
the kernel.  (The fact that the patches proposed are being made to libraries
instead of the kernel leads me to believe that the underlying hole is still
there, just made more difficult, i.e., obscure, to exploit.)

The fact that Apollo often relies on unpublished interfaces as a way of providing
"security" is simply not acceptable.  While the standard Unix kernel is by
no means fully secure, at least there are no known cases where something is
considered secure simply because a hole is unpublished.  Apollo needs to provide
security that's at least as good as "standard" Unix, which means at a minimum
means not viewing unpublished interfaces as secure.

Randy Frank