Puzzle of the Day
You discover a security flaw in the operating system on your company's
computer. The flaw enables any user to read any other user's files,
regardless of their protection. You have several choices: you can keep
quiet and hope no-one else discovers the flaw, or tell the company, or
tell the system vendor, or announce it on the Internet.
-
Suppose an exploitation of the vulnerability could be prevented by
proper system configuration. Which of the above courses of action would
you take, and why?
-
If an exploitation of the vulnerability could be detected (but not
prevented) by system administrators, how would this change your answer
to question 1?
-
Now suppose no exploitation of the vulnerability can be detected or
prevented. Would this change your answer, and if so, how?
You can also see this document as a
Postscript document,
or a
plain ASCII text document.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 1/23/97