From owner-freebsd-security  Wed Jul 30 15:53:53 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA10388
          for security-outgoing; Wed, 30 Jul 1997 15:53:53 -0700 (PDT)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA10379
          for <security@FreeBSD.ORG>; Wed, 30 Jul 1997 15:53:50 -0700 (PDT)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id PAA14882; Wed, 30 Jul 1997 15:53:24 -0700 (PDT)
To: Marco Molteni <molter@logic.it>
cc: Vincent Poy <vince@mail.MCESTATE.COM>, security@FreeBSD.ORG,
        "\[Mario1-\]" <mario1@PrimeNet.Com>
Subject: Re: security hole in FreeBSD 
In-reply-to: Your message of "Wed, 30 Jul 1997 14:04:33 +0200."
             <Pine.BSF.3.91.970730134009.197A-100000@dumbwinter.ecomotor.it> 
Date: Wed, 30 Jul 1997 15:53:24 -0700
Message-ID: <14878.870303204@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> Do you think one can be a newcomer as an administrator, but _has_ to know 
> everything about security before he starts to work? Come on!

Actually, if this question is: "Can a newcomer to UNIX be an
administrator" then the answer is a most emphatic "NO."

I don't let the mechanically inept work on my car, either, and I
wouldn't expect a 1st-year UNIX hacker to sell himself as an admin (or
if [s]he did, I certainly bloody wouldn't hire them and would probably
further denounce as a fool anyone who did).

This flame doesn't also actually have a lot to do with Vince directly,
though I do think that he's perhaps a little too inexperienced for the
job he's taken on, but is rather more of a commentary on a highly
disturbing phenomenon which I've observed in far too many ISPs lately.

It seems like becoming an ISP has been the "in" thing to do these last
few years, and many have jumped in with far more enthusiasm than
skill.  I probably get between 2 and 3 calls a week from some ISP
who's completely hosed themselves and, as it turns out, knows NOTHING
about UNIX or any of the infrastructure issues behind building an ISP
and yet they're trying to do it anyway.  What's the deal here?  Did
somebody drop a million matchbooks over the U.S. saying "become an ISP
and make tons of $$$ in your spare time!  No knowledge whatsoever
is required!  Yes, even the legally dead can enter the profitable
world of ..."

:-)

					Jordan