On Wed, 27 Jul 2005, Andre Venter wrote:
There are obvious possibilities with Netcat if used incorrectly, if this is the company Security Policy then I would imagine that there are examples of a running system in your organization where Netcat has been removed. Also anything with a dependancy on netcat will cease to function correctly.
((Please don't write TAFB (Text above. Full quote below). Please don't answer to the list /and/ the author. Please don't prefix the subject with this shitty "[suse-security]" nor do it on any other mailing list. There are much more suitable headers in mailing list mails to sort with than the subject header!)) It is indeed quite often the case that a company has such a security policy. But what I mean is that such an incarnation of a security policy is rubbish. Imagine a VIP disco (for the case that "disco" is uncommon: A place where loud music is played and where the drinks are expensive) where your girlfriends pocket is checked for knifes but your jacket not for guns. You remove the obvious knife "netcat" but do don't even check the jacket "yast" for a gun where "gun" might even mean that it does changes somewhere where you wouldn't want it to change things if you would know about it... (Certainly "gun" could also mean that there are trojans or security holes in this monster application) Regards Henning Hucke -- TAX OFFICE: Den of inequity.