Re: IRIX 5.2 Security Advisory

[karyn () cheetah llnl gov (Karyn Pichnarczyk)]

I'd like to get this IRIX thing under control.  I've been talking to
the people at SGI and they are definitely aware of all this traffic
and are, as I type this, working on getting this whole issue settled.

First of all, I'm sending this to everyone that max () gac edu sent his
wrapper program to, but I'd like it to settle into only the correct
newsgroups.  

This isn't a firewalls issue, so I think this letter should probably
be the last message to firewalls on this subject.  I'm guessing
bugtraq is the best place to post this to, so I'd like to recommend
that all followups go to bugtraq, and people can subscribe to it 
themselves (mail to bugtraq-request () cns cscns com, in the text part of
the message say subscribe bugtraq).

CIAC plans to soon put out a bulletin about this vulnerability.  Until
then, the best recommendation I can give is to stand by SGI's
recommendation, and wait for SGI's response.  This way you have a
proven, vendor-tested, vendor-endorsed workaround in the meantime.

I really do appreciate Max's efforts to quickly develop an alternative
to SGI's solution. Since it came out as quickly as it did, I'm unsure
that this wrapper has been tested sufficiently to recommend to the
world at large to install it.

Karyn Pichnarczyk 
CIAC Team