Rick Adams (firstname.lastname@example.org)
11 Nov 88 20:57:16 GMT
At the very least, you should mail the suspected (or proven) problem
to Berkeley. They do listen.
There's no security argument against sending it to Berkeley. Let them
decide to post it or not (if you have doubts yourself).
There is no legitimate reason to keep things like that to yourself.
(and Berkeley is aware of the details of the setuid shellscript bug.
They know of no fix other than to stop using setuid shellscripts. Thats
the bug fix they posted. They chose not to post the bug, but the
only fix they knew)
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT