Re: Need source routing prog

[nlawson () statler csc calpoly edu (Nathan Lawson)]

> since I graduated college.  The only real programming experience I have is in
> Modula-2 (talk about worthless) so the easiest way for me to understand exactly
> how a hole can be exploited and what needs to be done to fix it is to get a
> program that exploits the hole and then go through the code of the program and
> find out what it is doing.  So there is what I feel is a legitimate need.
> Besides, who are we to decide who is worthy of an expliot and who is not.  If
> you don't want to give someone a particular package then don't and don't go 
> tell the rest of the list not to either.  Otherwise give the person what they
> want.
>
> BTW, anyone know where I can get the 'nfsbugs' package.  I want to see if it
> can guess our NFS file handles.  And if you really don't trust me then
> telnet to rclsgi.eng.ohio-state.edu or rclsgi[1-46].eng.ohio-state.edu port 25
> and expn root and you will see my name.  Proof enough that I at least have
> valid root access?

NFSbug is found on coast.cs.purdue.edu:/pub/tools/unix/nfsbug*
As for exploits, I think both sides of the argument have valid points, but this
is not the place to discuss it.  Anyone who wants to talk about full disclosure
vs. partial can join the list created for that purpose.

-- 
Nathan Lawson   | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin   |  systems course is the sources and documentation will easily
756-7180 @Work  |  fit into a students briefcase."  -- John Lions (1976)