The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #117 [Re: spaf's (and other's) comments] (1 message, 694 bytes)
NOTICE: recognises the rights of all third-party works.


From: Greg Skinner <>
To: phage
Date: Mon 14:43:56 07/11/1988 EST
Subject: Re: spaf's (and other's) comments
References: [Thread Prev: 092] [Thread Next: 139] [Message Prev: 157] [Message Next: 118]

>	Has anyone considered the charge of contributory negligence
> for the writers/distibutors of the code broken in through?

If such a charge could be brought against the authors of sendmail,
fingerd, etc., first of all, they'd all have to be tracked down, which
might be somewhat difficult to do.  For example, does anyone know who
wrote fingerd on suns?  I see no author named in the man page, and
right now I doubt anyone would claim to have written it. :-)

Moreover, the system administrators of the machines broken into would
be responsible as well, because (if they had source) they did not
disable DEBUG when they generated sendmail binaries.

I don't know the law behind this, but it seems very difficult to bring
charges against these people, due to the large number of people
involved.  Speaking personally, I don't think it would be fair ...