mailing list archives
Re: Linux NIS security problem hole and fix
From: root () iifeak swan ac uk (System Administrator)
Date: Fri, 8 Sep 1995 10:38:38 +0100
I was told by someone that this hole is "well known" and has been discussed
on the LINUX security list for a while now. A few people have emailed me
telling me what it was too, so it is obvious that this is "known" about.
It was reported, noted and fix a long time ago.
I am now even more a believer of full disclosure. We purchased a commercial
version of LINUX just a little while ago, and the hole exists. How am
I supposed to protect stuff if I don't even know about it? Sigh....
Bugtraq and the linux-security mailing lists are probably the best resources.
We do also pass Linux bugs onto cert but while people like dfn-cert (germany)
actively log and issue info about such things US cert appears a total waste
of effort. I think every actual alert that linux-security finds also gets
CERT advised me of the above fix. They couldn't test the fix since they
don't have a LINUX machine anywhere. Pretty incredible that no one at
CERT runs a free Unix that can run on a 386 with 4 megs...
I'll have a word with a few people. Maybe a vendor will send them a free CD
if I point this out to them.