Subject: Re: Do security bug reports disappear ?
To: None <firstname.lastname@example.org>
From: Mike Long <email@example.com>
Date: 03/10/1997 14:56:19
>Date: Mon, 10 Mar 1997 17:01:10 +0100 (MET)
>From: Erik Bertelsen <firstname.lastname@example.org>
>Anyway, my problem was quite simple: recently /usr/src/etc/aliases was
>augmented with a new alias (decode) that /etc/security will complain about
>each day, which is rather silly.
The /etc/security test is overly simplistic. What it should be
looking for is the old BSD alias:
The security problems of such an alias should be obvious.
What it does look for is *any* alias for decode; that means that our
'standard' src/etc/aliases will fail because it forwards decode's mail
to root. The /etc/security test should be fixed to eliminate this
false positive result.
Mike Long <email@example.com> <URL:http://www.shore.net/~mikel>
VLSI Design Engineer finger firstname.lastname@example.org for PGP public key
Analog Devices, CPD Division CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA (eq (opinion 'ADI) (opinion 'mike)) -> nil