8 Nov 88 18:53:31 GMT
In article <In article <email@example.com>, dre%ember@Sun.COM (David Emberson) writes:
< In article <2060@spdcc.COM>, eli@spdcc.COM (Steve Elias) writes:
< > "Wormer" Morris has quite a career ahead of him, i'll bet.
< > he has done us all a favor by benevolently bashing bsd 'security'.
< I knew about this sendmail bug at least four years ago, courtesy of Matt
< Bishop (now at Dartmouth). He wrote a paper detailing at least a half dozen
< holes in the Unix system and methods for constructing trojan horses which was
< so dangerous that he responsibly decided not to publish it, but instead to
< give selected copies to people who could fix some of the problems. He also
< wrote an article for the Usenix newsletter, ;login, which explained how to
< write secure setuid shell scripts--a major source of security holes. Matt did
< not "benevolently bash" anyone's machines. His behaviour, while unsung by
< the press and the Usenet community, is an example of the highest in profession-
< al and academic standards. This is the kind of behaviour that we should be
Really? In my book, a key component of professionalism is "owning
the problem". That means you work it until it gets fixed. "Giving
selected copies to people who could fix some of the problems"
(they didn't) is not enough. Morris did what was necessary to get
the problems fixed. For that, many of us are grateful. And yes,
some of us LIKE people who "own the problem" until it is solved.
Adam Reed (avr@mtgzz.ATT.COM)
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT