From owner-freebsd-security  Tue Jul 29 14:23:40 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA13916
          for security-outgoing; Tue, 29 Jul 1997 14:23:40 -0700 (PDT)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA13910;
          Tue, 29 Jul 1997 14:23:35 -0700 (PDT)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id OAA09789; Tue, 29 Jul 1997 14:23:36 -0700 (PDT)
To: Vincent Poy <vince@mail.MCESTATE.COM>
cc: Gary Palmer <gpalmer@FreeBSD.ORG>, Nate Williams <nate@mt.sri.com>,
        "Jonathan A. Zdziarski" <jonz@netrail.net>, security@FreeBSD.ORG,
        JbHunt <johnnyu@accessus.net>, "[Mario1-]" <mario1@PrimeNet.Com>
Subject: Re: security hole in FreeBSD 
In-reply-to: Your message of "Mon, 28 Jul 1997 22:35:36 PDT."
             <Pine.BSF.3.95.970728223008.3844u-100000@mail.MCESTATE.COM> 
Date: Tue, 29 Jul 1997 14:23:36 -0700
Message-ID: <9785.870211416@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> =)4) did you LEARN from this experience? If not, *WHY* not?
> 
> 	Ofcourse... never trust anyone on the system.  Too bad there

Erm - I guess that answers the question:  You didn't. :-)

The moral to this story wasn't that you should never trust anyone on
the system - that's a given anyway and you should know basic things
like that before ever even thinking of selling your services as a
system admin.

The real moral here is that you should be able to trust your admins to
properly secure your system and make contingency plans beforehand
for when and if the worst happens.

					Jordan