[18] in bugtraq

Re: Internet Worm

daemon@ATHENA.MIT.EDU (Pat Myrto)
Tue Oct 18 01:42:11 1994

From: rwing!pat@ole.cdac.com (Pat Myrto)
To: bugtraq@crimelab.com
Date: Mon, 17 Oct 94 19:50:04 PDT
In-Reply-To: <Pine.3.89.9410171522.F7928-0100000@kryten>; from "Jonathan M. Bresler" at Oct 17, 94 3:27 pm

"In the previous message, Jonathan M. Bresler said..."
> 
> On Mon, 17 Oct 1994, Steve Davis wrote:
> 
> > possible if a) you have source, and b) you're a competent enough
> > programmer to #ifdef the necessary bits of code into oblivion.
> > 
> > Unfortunately, a) is rarely true.  It'd be nice if vendors would ship
> > their products secure.
> 
> 	excuse me, but FLAME ON!
> 
> 	BUGGER the vendors.  what with FreeBSD, linux, NetBSD, 4.4BSD 
> Lite and the rest of source code available UNIX operating systems.  get 
> the source.  read the source.  use the source.  after all it's ours now!  
> the owner-de-jour of the code has declared 4.4BSD Lite free of taint.
> 
> 	flame off.
> 
> 	anyone want to create drop in replacement packages for sun, sgi 
> and the rest of the hardware vendors?

Problem with that approach is that all too often, commercial pkgs
are unusable (corporations tend to have to use them, and they are
the ones that are screwed by anal-retentive licensing schemes that
even deny reconfig rights or ability to fix bugs).

Another problem is that many of these free OS's are only available or
stable on Intel (PeeCee) platforms.  So those wanting more power as
provided by things like Suns, especially the Sun4m or Sun4d architectures,
HPs, Alphas, etc are kinda screwed and stuck with the trend to go more
and more toward shrink-wrapping and copy protection in OS's, extensions,
and applications.

And as another pointed out - try using Net2 or NetBSD sources, etc
from archives to fix/replace modules in the kernel to deal with
bugs, unwanted 'features' (like SUID scripts), or configurable
limits, etc that the vendor decided to leave out of param.c or
some interpreted config file read at boot time..  Or try using
Net2/NetBSD login src or getty src and make it work properly on
a SysV based OS (as all the new WonderOS's are).

The trend seems to be the user is expected to be some MSDOS refugee
who just plugs in the box, answers a few questions, and will never
really want to fix bugs or holes, or tune the system.  Anyone who
does not fit in that mold is regarded as nonexistent.  And vendors
have no intent to change their attitudes.  They figure the customer
has no choice, so you gotta like it, or lump it.  That is the attitude
at Sun, and a couple of others, at least - the attitude being "Vendor
X does this, so we should too"... 

So the customer loses.

-- 
pat@rwing  [If all fails, try:  rwing!pat@eskimo.com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.
