Re: (PM) Feature Request (was SECURITY PROBLEM.)

Christopher E. Brown (cbrown@denalics.net)
Thu, 9 Jul 1998 11:06:27 -0800 (AKDT)

On Thu, 9 Jul 1998, John Gonzalez/netMDC admin wrote:
>
> Okay, i want to add my 2 cents. 1.) Livingston should fix the problem.
> That goes without saying, it is a potential security risk, the question
> is, how far on the scale up is it? This is a user/hardware problem,
> meaning, that IF you do your job right, you will not have to worry about
> it. Sure, your telnet session may close, and you may not be able to set
> debug off, but if that happens, telnet in and close the session. How hard
> is that? This would be like saying "YOU HAVE TO MAKE UNIX LOG ROOT OFF IF
> I LEAVE THE CONSOLE!!!!" You should be responsible for logging root off,
> and making sure that it is done properly. Not the unix vendors. Try and
> take a little responsibility for your actions in the future.

Sorry, this is a totally non valid compare more many reasons. If
I leave my console with root logged in this is stupid yes, but random
users from another country cannot teleport into my office, unlike a
network user sho can telnet into my network. A more fair compare would be
telnetting into a *nix box, even if a root session gets dropped, IT DOES
NOT SPIT OUT CLEARTEXT PASSWDS TO WHOEVER TELNETS IN!

----------------------------------------------------------------------------
Christopher E. Brown (CB421) <cbrown@denalics.net> +907 357-4970

First Law of System Requirements:
"Anything is possible if you don't know what you're talking about..."
----------------------------------------------------------------------------


-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>