Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: Posting easily-exploited security holes
Message-ID: <422@minya.UUCP>
Date: Wed, 2-Dec-87 20:37:14 EST
Article-I.D.: minya.422
Posted: Wed Dec  2 20:37:14 1987
Date-Received: Sun, 6-Dec-87 07:45:25 EST
Organization: home
Lines: 22
Summary: No, keep posting...

In article <6305@ncoast.UUCP>, allbery@ncoast.UUCP (Brandon Allbery) writes:
> 
> Wonderful idea, by the way -- don't you get a warm glow from having posted
> an easily-exploited security hole to the Net?  Please be more circumspect
> next time.

No, no, no!!!  I get real exasperated by all the people who think that
system managers (like me) should be kept in the dark about security holes.
I want to hear all about them.  How the @#$^% do you think I can plug 
them, if I don't learn about them?  Huh?

A couple weeks ago, I startled some folks around where I'm working now
by typing six chars on a logged-in terminal, and getting a super-user
prompt.  It was the first time I'd ever typed anything at that machine.

I then explained to the machine's manager (who was watching, horrified) 
just what they were doing wrong.  I got a few points from that one.  The 
method I used was mentioned in unix.wizards a couple years back.  I would 
like to hear some more good ways of earning points.....

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)