Bugtraq mailing list archives
Re: Internet Worm
From: rwing!pat () ole cdac com (Pat Myrto)
Date: Mon, 17 Oct 94 19:50:04 PDT
"In the previous message, Jonathan M. Bresler said..."
On Mon, 17 Oct 1994, Steve Davis wrote:possible if a) you have source, and b) you're a competant enough programmer to #ifdef the necessary bits of code into oblivion. Unfortunatly, a) is rarely true. It'd be nice if vendors would ship their products secure.excuse me, but FLAME ON! BUGGER the vendors. what with FreeBSD, linux, NetBSD, 4.4BSD Lite and the rest of source code available UNIX operating systems. get the source. read the source. use the source. after all its ours now! the owner-de-jour of the code has declared 4.4BSD Lite free of taint. flame off. anyone want to create drop in replacement packages for sun, sgi and the rest of the hardware vendors?
Problem with that approach is that all too often, commercial pkgs are unusuable (corporations tend to have to use them, and they are the ones that are screwed by anal-retentive licensing schemes that even deny reconfig rights or ability to fix bugs). Another problem is that many of these free OS's are only available or stable on Intel (PeeCee) platforms. So those wanting more power as provided by things like Suns, especially the Sun4m or Sun4d archetectures, HPs, Alphas, etc are kinda screwed and stuck with the trend to go more and more toward shrink-wrapping and copy protection in OS's, exensions, and applications. And as another pointed out - try using Net2 or NetBSD sources, etc from archives to fix/replace modules in the kernel to deal with bugs, unwanted 'features' (like SUID scripts), or configurable limits, etc that the vendor decided to leave out of param.c or some interpreted config file read at boot time.. Or try using Net2/NetBSD login src or getty src and make it work properly on a SysV based OS (as all the new WonderOS's are). The trend seems to be the user is expected to be some MSDOS refugee who just plugs in the box, answers a few questions, and will never really want to fix bugs or holes, or tune the system. Anyone who does not fit in that mold is regarded as nonexistant. And vendors have no intent to cfhange their attitudes. They figure the customer has no choice, so you gotta like it, or lump it. That is the attitude at Sun, and a couple of others, at least - the attitude being "Vendor X does this, so we should too"... So the customer loses. -- pat@rwing [If all fails, try: rwing!pat () eskimo com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.
Current thread:
- Re: Internet Worm, (continued)
- Re: Internet Worm Perry E. Metzger (Oct 18)
- Re: Internet Worm Christine R. Gressley (Oct 17)
- r commands Aleph One (Oct 17)
- Re: r commands Perry E. Metzger (Oct 18)
- Re: r commands Fred Kuhns (Oct 18)
- Re: Internet Worm Bennett Todd (Oct 17)
- PLEASE UNSUBSCRIBE Cpt Danger (Aug 20)
- PLEASE UNSUBSCRIBE ME Mike Roemmich x71633 - ESO (Oct 18)
- Re: Internet Worm Julian Assange (Oct 18)
- PLEASE UNSUBSCRIBE ME Mark McPherson (Oct 17)
- Re: Internet Worm Pat Myrto (Oct 17)
- Re: Internet Worm David Miller (Oct 17)
- PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
- Re: Internet Worm Fred Kuhns (Oct 18)
- Internet Worm Source Code Michael S. Hines (Oct 17)
- rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)