Date: Thu, 31 Oct 1996 12:44:46 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: terry@lambert.org (Terry Lambert) Cc: scrappy@ki.net, terry@lambert.org, wollman@lcs.mit.edu, jgreco@brasil.moneng.mei.com, current@freebsd.org Subject: Re: /var/mail (was: re: Help, permission problems...) Message-ID: <199610311844.MAA28303@brasil.moneng.mei.com> In-Reply-To: <199610311823.LAA25640@phaeton.artisoft.com> from "Terry Lambert" at Oct 31, 96 11:23:32 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > > He is also the principle author (apparently) of IMAP4, a highly > > > desirable piece of software for anyone with a 1995 or later mail > > > client. > > Agreed...which is why I brought this whole discussion into here... > > > > From what Mark has said, about the only way I can think of for > > getting this *obvious* security bug fixed is to, either: > > [ ... ] > > > IMHO...what having .lock locking capabilities in IMAP4 is > > doing is encouraging system administrators to use NFS mounted mail > > spools, instead of *teaching* system administrators to *not* setup > > their systems that way... > > Or publicize the denial of service attack in the news groups where > IMAP4 is discussed and hope someone uses it. TERRRY! That is perfectly irresponsible :-) As tempting as it may be, and even though I do not believe in security through obscurity as a first line of defense, I do believe that there is some value to security through obscurity. We would be doing less-sophisticated operating systems a great disservice. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/546-7968
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610311844.MAA28303>