[2623] in Release_7.7_team
Re: Please strongly consider backing out the zephyr servers
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Mar 5 12:49:40 2001
Message-Id: <200103051749.MAA28112@egyptian-gods.MIT.EDU>
To: John Hawkinson <jhawk@MIT.EDU>
cc: release-team@MIT.EDU, op@MIT.EDU, winzephyr-release@MIT.EDU
In-Reply-To: Your message of "Mon, 05 Mar 2001 11:07:43 EST."
<200103051607.LAA27132@multics.mit.edu>
Date: Mon, 05 Mar 2001 12:49:16 -0500
From: Greg Hudson <ghudson@MIT.EDU>
(cc changed from pismere to winzephyr-release per Tom's mail.)
> b) Reverting the code will break interrealm zephyr with CMU again.
Oh, we can pretty easily revert the checksum change without reverting
all the interrealm stuff. So the only issue is:
> a) Reverting the code re-introduces a security vulnerability with
> respect to forging subscriptions.
Regardless of whether there are known exploits, I'd like this
vulnerability gone. I think reverting the server code is likely to
mean the vulnerability will be with us for a very long time, since it
will take the pressure off of fixing winzephyr.
If we have current winzephyr users who are not technically savvy
enough to be prepared to upgrade, then that's unfortunate, because
they are testers. But there is a limit to how much IS should keep
promises it never made.
> There is no currently available upgrade path (i.e. WinZephyr release
> that correctly sends subscription messages authentically).
I've volunteered to help Ian fix the winzephyr code. I don't know how
fast he can put out a release.
