Subject: Re: Removing dm(1)
To: Scott Reynolds <scottr@plexus.com>
From: Curt Sampson <cjs@portal.ca>
List: current-users
Date: 11/19/1997 10:15:32
On Wed, 19 Nov 1997, Scott Reynolds wrote:
> > Why does a non-suid program need a security sweep anyway?
>
> oh, i don't know. you've said it yourself; you can't see the security
> hole, but does that mean it's not there?
It's all a matter of confidence and past experience, isn't it? How
many bugs causing comprimise of another account have come from
badly written suid programs in the past five years? How many from
badly written non-suid programs? It doesn't take a genius to figure
out where the problem lies here.
cjs
Curt Sampson cjs@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc. Through infinite myst, software reverberates
Vancouver, BC (604) 257-9400 In code possess'd of invisible folly.