mailing list archives
Re: Compaq CIM UG Overwrites Legal Notice
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Sun, 5 Sep 1999 03:28:53 -0400
On Wed, 01 Sep 1999 18:07:32 PDT, "Free, Bob" <RWF4 () PGE COM> said:
reboot. When the installation is completed after rebooting, these keys are
cleared and your legal notice is gone.
Having installations that blow away files *intended* for user configuration
is always Very Bad Juju.
If your security policies are reliant on legal notices this is not a good
OK.. I admit I'm reading it at 3AM, and it took 3 retries before I parsed
this sentence the way you intended. I kept reading it as "this" being
the reliance, not the bug. It took 2 more reads before it sank in that
parsed either way the sentence was still probably true. Having legal
notices dissapear is a Bad Thing, and having policies that require them
may be a Bad Thing too...
Can anybody out there cite case law or statute where having a legal
notice actually makes a difference, in the case of a scriptz kiddy
exploit that rarely, if ever, sees a legal notice? I'm aware of
the old "welcome to VMS" issue regarding the lack of a notice when the
user logged in normally. This is the opposite - entering a system
via a means never intended to have a legal notice. Could a login
banner be self-defeating, if a hacker doesn't login?
In any case, if your security policies are *reliant* on notices, as
opposed to including them as one *small* part of a total solution,
you're probably already 0wned... ;)
Computer Systems Senior Engineer