[346] in bugtraq
Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
daemon@ATHENA.MIT.EDU (Bill Nickless)
Sun Dec 4 15:23:04 1994
Date: Sun, 04 Dec 1994 12:49:23 -0600
To: manson@santafe.edu, bugtraq@fc.net
From: nickless@mcs.anl.gov (Bill Nickless)
At 01:02 PM 12/3/94 -0500, Bob Manson wrote:
>I have a basic problem with partial disclosure: who decides who is
>"eleeet" enough to receive the full disclosure? If you're not in the
>"in crowd", you lose. And that's fine with me, ultimately--if 8lgm
>decides they don't want to do full disclosure, that's up to them. But
>that doesn't mean the rest of us can't and won't disclose everything
>that we know in a free environment.
This rings true to me. Take the bug that bit IBM a couple of months ago
regarding the interaction between logind and login. Many people at our site
beat on IBM because of such a wide hole that had been fixed in other systems
long before. But they had no answer when I asked "so if you worked at IBM,
who could you ask to get a list of known security holes in BSD or whatever
so that you could make sure your operating system has fixed them?"
--
Bill Nickless nickless@mcs.anl.gov +1 708 252 7390
http://www.mcs.anl.gov/people/nickless