Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!ucbvax!agate!shelby!decwrl!eda!jim
From: jim@eda.com (Jim Budler)
Newsgroups: comp.sys.apollo
Subject: Re: security hole
Message-ID: <512@eda.com>
Date: 14 Aug 89 17:51:45 GMT
References: <44e9d7d4.c4b0@apollo.HP.COM> <511@eda.com> <641@prles2.UUCP>
Organization: EDA Systems, Inc. Santa Clara, CA
Lines: 44

collins@nvpna1.prl.philips.nl (Donal O Coileain) writes:

>In article <511@eda.com> jim@eda.com (Jim Budler) writes:
>>From Apollo?
>>
>>	Every month, an invoice arrives. (Well, not any more 8^)

>Apollo produces a patch tape every month. In the 9.7 patch tape for JUNE 89
>months before this discussion was started I read :

> "Patch 184 APR DCB34 : A security hole existed in the pad_$dm_cmd
>	   ..........................
>  Now if the two user_ids are not equal, the command is disallowed and
>  the following error status is returned:

>	'operation is illegal when no display is attached'"

>You cannot blame Apollo because you don't read the release notes or 
>understand the bugs/fixes.

Wanta bet? In two years of paying Apollo for support I did not
receive ONE patch tape that I didn't have to ask about myself.
I can't read the release notes if I don't get them. I call in a bug
and get told "fixed in the XXXX patch tape", and that is frequently
months old, as you mention.

It doesn't do me any good to have Apollo produce a monthly patch tape
if they never inform me of it's existance.

You didn't read my posting very well or you would have realized
that. You even quoted my statement that the only monthly mailings I got
from Apollo were bills.

>Donal O Coileain.   collins@apolloway.prl.philips.nl   or
>                    collins%nvpna1.prl.philips.nl@uunet.uu.nl
>-- And out of the gloom a voice said, 'Smile and be happy for things could
>   be a lot worse'. So I smiled and was happy and behold, things got worse --

jim
-- 
Jim Budler   address = uucp: ...!{decwrl,uunet}!eda!jim
					 domain: jim@eda.com
			 voice	 = +1 408 986-9585
			 fax	 = +1 408 748-1032