Subject: Re: Do security bug reports disappear ?
To: None <erik@sockdev.uni-c.dk>
From: Mike Long <mike.long@analog.com>
List: tech-security
Date: 03/10/1997 14:56:19
>Date: Mon, 10 Mar 1997 17:01:10 +0100 (MET)
>From: Erik Bertelsen <erik@sockdev.uni-c.dk>

>Anyway, my problem was quite simple: recently /usr/src/etc/aliases was
>augmented with a new alias (decode) that /etc/security will complain about
>each day, which is rather silly. 

The /etc/security test is overly simplistic.  What it should be
looking for is the old BSD alias:

decode: "|/usr/bin/uudecode"

The security problems of such an alias should be obvious.

What it does look for is *any* alias for decode; that means that our
'standard' src/etc/aliases will fail because it forwards decode's mail
to root.  The /etc/security test should be fixed to eliminate this
false positive result.
-- 
Mike Long <mike.long@analog.com>     <URL:http://www.shore.net/~mikel>
VLSI Design Engineer         finger mikel@shore.net for PGP public key
Analog Devices, CPD Division          CCBF225E7D3F7ECB2C8F7ABB15D9BE7B
Norwood, MA 02062 USA       (eq (opinion 'ADI) (opinion 'mike)) -> nil
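
Added example, not part of the original message and not the /etc/security script itself: one way to write the narrower check described above, flagging a decode alias only when one of its targets is a pipe to a program. The function name, the extra uudecode alias name, and the two sample alias files are assumptions constructed for illustration.

```shell
#!/bin/sh
# piped_decode_aliases FILE
# Print every decode/uudecode alias in FILE that has a "|program" target.
# Returns 1 if any were found, 0 if none (forwarding to a user is not flagged).
piped_decode_aliases() {
    awk '
    function flush(   i, n, t, name, targets) {
        i = index(entry, ":")
        if (i > 0) {
            name = tolower(substr(entry, 1, i - 1))
            gsub(/[ \t]/, "", name)
            if (name == "decode" || name == "uudecode") {
                n = split(substr(entry, i + 1), targets, ",")
                for (i = 1; i <= n; i++) {
                    t = targets[i]
                    gsub(/^[ \t"]+/, "", t)      # drop leading blanks and quote
                    if (substr(t, 1, 1) == "|") { print entry; found = 1; break }
                }
            }
        }
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }       # continuation of previous alias
             { flush(); entry = $0 }              # a new alias starts here
    END      { flush(); exit found + 0 }
    ' "$1"
}

# Constructed sample files: the old BSD alias, and aliases forwarding to root.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' '# old BSD style' 'postmaster: root' \
    'decode: "|/usr/bin/uudecode"' > "$sample_dir/old"
printf '%s\n' 'postmaster: root' 'decode: root' \
    'uudecode:' '    root' > "$sample_dir/forwarding"

for f in old forwarding; do
    if piped_decode_aliases "$sample_dir/$f" >/dev/null; then
        echo "$f: ok"
    else
        echo "$f: decode alias delivers to a program"
    fi
done
```
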