Path: utzoo!attcan!uunet!mcvax!hp4nl!phigate!prle!prles2!nvpna1!collins From: collins@nvpna1.prl.philips.nl (Donal O Coileain) Newsgroups: comp.sys.apollo Subject: Re: security hole Message-ID: <641@prles2.UUCP> Date: 10 Aug 89 09:21:30 GMT References: <44e9d7d4.c4b0@apollo.HP.COM> <511@eda.com> Sender: nobody@prles2.UUCP Reply-To: collins@nvpna1.UUCP (Donal O Coileain) Organization: Philips Research Labs (Nat Lab), Eindhoven, The Netherlands. Lines: 30 In article <511@eda.com> jim@eda.com (Jim Budler) writes: >From Apollo? > > Every month, an invoice arrives. (Well, not any more 8^) Apollo produces a patch tape every month. In the 9.7 patch tape for JUNE 89 months before this discussion was started I read : "Patch 184 APR DCB34 : A security hole existed in the pad_$dm_cmd .......................... Now if the two user_ids are not equal, the command is disallowed and the following error status is returned: 'operation is illegal when no display is attached'" You cannot blame Apollo because you don't read the release notes or understand the bugs/fixes. >I fully agree with the posting of the bug. Look, INSTANT action. >Explicit mention of compatibility of /lib/streams. High awareness >in community of seriousness of bug. I see no problem in posting the problem, however I feel that it is not necessary to post the source code as well. Donal O Coileain. collins@apolloway.prl.philips.nl or collins%nvpna1.prl.philips.nl@uunet.uu.nl -- And out of the gloom a voice said, 'Smile and be happy for things could be a lot worse'. So I smiled and was happy and behold, things got worse --