Subject: Re: Do security bug reports disappear ?
To: None <>
From: Mike Long <>
List: tech-security
Date: 03/10/1997 14:56:19
>Date: Mon, 10 Mar 1997 17:01:10 +0100 (MET)
>From: Erik Bertelsen <>

>Anyway, my problem was quite simple: recently /usr/src/etc/aliases was
>augmented with a new alias (decode) that /etc/security will complain about
>each day, which is rather silly. 

The /etc/security test is overly simplistic.  What it should be
looking for is the old BSD alias:

decode: "|/usr/bin/uudecode"

The security problems of such an alias should be obvious.

What it does look for is *any* alias for decode; that means that our
'standard' src/etc/aliases will fail because it forwards decode's mail
to root.  The /etc/security test should be fixed to eliminate this
false positive result.
Mike Long <>     <URL:>
VLSI Design Engineer         finger for PGP public key
Analog Devices, CPD Division          CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA       (eq (opinion 'ADI) (opinion 'mike)) -> nil