From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,d89b08801f2aacae
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2002-05-26 15:51:04 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!cyclone.bc.net!news-hog.berkeley.edu!ucberkeley!newshub.sdsu.edu!west.cox.net!cox.net!news-east.rr.com!chnws02.ne.ipsvc.net!cyclone.ne.ipsvc.net!24.128.8.70!typhoon.ne.ipsvc.net.POSTED!not-for-mail
Message-ID: <3CF16734.8060300@attbi.com>
From: "Robert I. Eachus" <rieachus@attbi.com>
Organization: Eachus Associates
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
 rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2
X-Accept-Language: en,pdf
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Is strong typing worth the cost?
References: <Xns91FEB85DCA09Cderekknosofcouk@62.253.162.108>
 <Xns9201F90F50C5derekknosofcouk@62.253.162.108>
 <82347202.0205010735.1d1a66c3@posting.google.com>
 <Xns9201C885373ADderekknosofcouk@194.168.222.64>
 <3CD06A79.328F20BD@boeing.com> <3CD122DC.11A07036@brighton.ac.uk>
 <3CD16729.E695572@san.rr.com> <aatntc$gvt$1@a1-hrz.uni-duisburg.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Date: Sun, 26 May 2002 22:46:51 GMT
NNTP-Posting-Host: 24.61.239.24
X-Complaints-To: abuse@attbi.com
X-Trace: typhoon.ne.ipsvc.net 1022453211 24.61.239.24 (Sun,
 26 May 2002 18:46:51 EDT)
NNTP-Posting-Date: Sun, 26 May 2002 18:46:51 EDT
Xref: archiver1.google.com comp.lang.ada:24841
Date: 2002-05-26T22:46:51+00:00
List-Id: <comp.lang.ada>

Darren New <dnew@san.rr.com> wrote:
> 
> So who would you sue for the Morris worm that took advantage of a
> similar hole in sendmail?


It depends, and if you were not flipping off a one liner, you would know 
that some people did end up taking the heat.

The "bug" in Unix sendmail had been fixed, and the patch was available 
for older systems.  If your system was at risk--to that threat of the 
Morris worm--then you had an older Unix system which had not had the 
security patch applied.  If it got in by copying the /etc/passwd/ file 
via NFS and cracking it, then your error was in not having a shadow 
password file, or permissions set correctly on it.