Merit Joint Technical Staff
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: SunOS 4.1.1 Security hole
- From: Mark Knopper
- Date: Mon Sep 16 02:09:44 1991
I have received a reply from CERT to the effect that Sun will be
fixing this in their next SunOS release.
Mark
> From: peirce@gumby.cc.wmich.edu (Leonard J. Peirce)
> To: "Mark Knopper" <mak@merit.edu>, "Larry J. Blunk" <ljb@merit.edu>
>
>
> >I have sent a query to the CERT (computer emergency response team)
> >at Carnegie Mellon University to find out if this is a known problem
> >and if steps are being taken to resolve this. Presumably it should
> >be known throughout the internet community, people should know how
> >to edit this file to avoid the problem, and Sun should be convinced
> >to stop releasing their system this way in new releases. I'll let
> >you know if they respond.
>
> I talked to Sun about this hole a few years ago and the response was that
> there are so many novice system administrators out there that it was easier
> to ship hosts.equiv that way so that everything can talk to everything when
> machines are booted. I suggested that they make it an option during the
> installation procedure or at least mention in big, bold letters that they
> might want to change it after the system is installed; the person I talked
> to just kind of mumbled.
>
> Thanks Sun....
>
> - Leonard
- - - - - - - - - - - - - - - - -
|
