LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Answers to FAQ about the recent fixes (17B-001o to 17B-003o)

Eric Thomas <[log in to unmask]>

Tue, 7 Apr 1992 16:06:31 +0200

text/plain (52 lines)

I have received  a lot of private mail regarding  the fixes released over
the  weekend.  Because  over  200  sites are  affected,  I  cannot  reply
individually to everyone, in particular  not to questions which have been
answered on the list.
 
If you have  no read the descriptions  of the 3 fixes in  question, do so
before reading  any further or  asking me  something. The answer  to your
question is probably in the description.
 
Everyone should install the  first fix. It is a good  idea to install the
second fix even if you don't run CMS  6-8. It is a harmless waste of your
time to install the third fix if your copy of LSWCWRT MODULE is readable.
 
The only purpose of the third fix is to make it possible for people whose
LSWCWRT MODULE  was destroyed to order  a new copy without  having to ask
me, so that I  don't have to ship 100 copies manually.  I did send copies
to the first few that asked, but  eventually gave up. If you asked me for
a copy and didn't receive it yet, do not wait for me to send it!
 
If you  tried to install  the third fix before  the second one  (and were
told that a  pre-req was missing), the installation of  the third fix may
fail  even  after applying  the  second  one.  This  is because  CARD  is
NUCXLOADed, so you  are still using the old copy;  just NUCXDROP CARD and
re-install the third fix. It does not  happen if you install the fixes in
the right order because the state of your A-disk will not trigger the bug
in that case (it would be long to explain).
 
If you inadvertently  lost some of the  messages I posted, do  not ask me
for a copy! Get  it from the list archives, it is faster  for both of us.
If you  don't know how  to access  list archives, now  is a good  time to
learn (TELL  LISTSERV INFO  DATABASE). If  you don't  have time  for such
things, try for  a few seconds to  think up reasons why  I would consider
your time  more precious than mine,  and come by yourself  to the obvious
conclusion,  thus saving  yourself the  time needed  to lecture  me about
imaginary "duties".
 
I am indeed very sorry to have  written code with a security exposure - I
never claimed to be perfect. This does  not however mean that I have time
to reassure 50 people individually and confirm that command so and so was
indeed the right one to type. Even  if you typed the right command, all I
can say is that you ran the  program that installs the fix, which for all
I know might have failed or might  be buggy. You might have had the wrong
disks accessed,  and so  on. There  is no way  I am  going to  confirm to
anyone that the  exposure is gone based  on a console log  or command you
typed, because it simply proves nothing! The only way to confirm that the
exposure is gone  is by poking it  and finding out that  the wall doesn't
yield. If  you want me  to do that,  say so very  explicitly so I  know I
won't get sued if  I do it, and I still won't do  that without a good bit
of convincing.
 
  Eric

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM