The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 53

Sunday, 1 March 1987


o Setuid Patent
Lindsay F. Marshall
o On PGN's editorial comment on human misuse of computers
Eugene Miya
o An aside on the B-1
Eugene Miya
o Autolander discussion
Nancy Leveson
o Re: Air Traffic Control, Auto-Land
Dean Pentcheff
o Electronic Steering
Ray Chen
Herb Lin
o Info on RISKS (comp.risks)


From: "Lindsay F. Marshall" <>
Date: Fri, 27 Feb 87 13:52:19 gmt
Subject: Setuid Patent

Can we knock this one on the head once and for all?  The patent for this did
exist but was allowed to lapse by AT&T.  The proper use of setuid is of course 
NOT nonsecure and does allow the easy implementation of certain facilities. 
Badly used, yes it can be nonsecure, but don't knock it because of that!!

         [It is precisely BECAUSE it allows easy implementation that it is
         so frequently misused -- by people who don't know better.  Use of
         "setuid" opens up the possibility of a variety of security flaws,
         including Trojan horses, search-path traps, etc., and tends to
         substantially widen the perimeter of trust.  I'm not sure that
         anyone knows how to characterize "proper use" completely -- if
         it is indeed possible at all.  PGN]

On PGN's editorial comment on human misuse of computers

Eugene Miya <>
Fri, 27 Feb 87 09:43:48 PST
I read this today and wonder if I would really regard this as a risk.  We
have Use, Abuse, and Misuse.  I sometimes (emphasis) like to believe that
the last two are not possible -- that a different word is needed.  Yes, I
acknowledge that the Mafia can use dBase II, or the people at kremvax use
Lotus on separate PCs ;-).

Remember: light behaves like a particle on MWF and a wave on TTS.  This might
be a useful technique.

--eugene miya
  NASA Ames Research Center

[We also include part of Eugene's respose to Brian Randell:]

  Subject: Re: RISKS and human errors
  Date: 27 Feb 87 11:08:07 PST (Fri)

  What a wonderful thing to see:

    >  Today I telephoned Prof Reason, and had a very interesting chat with
    >  him. We have arranged that he will come and give a talk ...

  It upholds some faith in the value of television.

  You might ask Dr. Reason [interesting name] about the role in the past of
  things such as ritual, mnemonics and (devices) [programmes] as this was the
  way things were done in the past before writing, and it also probably helped
  with the development of such arts as poetry.  I think this is important (if
  you have not realized this) because of proposals for nuclear waste include
  monuments and the creation, literally, of a "priesthood" to deal with
  nuclear waste.  Could similar such priesthoods develop for computers (some
  would say we have such now)?

  A follow-up report on Dr. Reason's seminar would be most interesting.
  I wish I could attend.  Thank the net.

  --eugene miya,   NASA Ames Research Center

    [The 19th Century English characturist Thomas Rowlandson had a favorite 
    character named Dr Syntax -- who somehow still seems relevant today.

    By the way, I wanted to close the loop on Eugene's comment, "I think an 
    apology is in order", and MY apology in RISKS-4.52.  Eugene's subsequent 
    reply suggests that maybe I overreacted to HIS comment --  HIS later 
    response suggests (rather modestly) that the original comment might have
    been intended to imply that HIS apology was in order.  But that was much
    too kind of him.  (A still later comment from him could be interpreted
    still differently, so I'll just leave it the way it was in RISKS-4.52.)

An aside on the B-1

Eugene Miya <>
Fri, 27 Feb 87 10:44:29 PST
Sigh!  This hits home.  When I was in high school, I had a job with
North American Rockwell designing parts for the B-1 after school.
Three stiffeners are mine.  It was always interesting to be sitting
trying to figure out how to design something when some one would walk
in with a requirement for a hole (right there).  Why?  Avionics.  Nothing
more would be said.  You were not supposed to ask as an airframe person.
Interesting to see that all this comes back to the avionics people.

   [This provides an interesting lesson to programmers who don't understand
   the environment in which a program is expected to run.
   In response to my query of Eugene on "stiffeners", he replied thusly:]

Angle brackets used in homes are stiffeners.  They fit into corners to make
the structure more rigid.  Interesting asides: there are two philosophies in
building aircraft.  (I was told this as a young engineer, and I passed it on
the space group recently WRT multi-piece SRB design.)  You make can make
aircraft from a few large pieces, or from many small pieces.  Boeing is a
big pieces company and Rockwell (my ex while in HS) was a small-pieces
company.  Tradeoffs in both directions: like multics and unix, pl/1 and c.


Autolander discussion

Nancy Leveson <nancy@ICSD.UCI.EDU>
27 Feb 87 15:20:45 PST (Fri)
I am a little confused about all the recent discussion in Risks about
pilot problems with autolanders, etc.  I read a paper written in the 
early 70's about how the autolander for the L1011 was verified.  So 
there are already autolanders in operation and have been for a long time.  
Yes, they use analog computers rather than digital computers, which 
makes a difference in implementation techniques and perhaps reliability, 
but should make no difference from the pilot's point of view.   Perhaps 
I am missing something here?   Does a digital autoland system perform
different functions than an analog one?

Re: Air Traffic Control, Auto-Land (RISKS DIGEST 4.51)

Dean Pentcheff <>
Wed, 25 Feb 87 21:48:55 PST
I would be equally unhappy being a passenger in an autolanding plane as
I would be living in a chronic state of "launch-on-warning" nuclear
policy.  In either case the machinery makes the ongoing critical
decisions, and the people supervising it just *might* be able to notice
a problem, acquaint themselves with recent system actions, and make the
appropriate correction (if still possible).  In indeterminate, complex
situations such as strategic nuclear systems and plane landings, I am
much happier if the (admittedly fallible) humans are making the ongoing
decisions, with a possibility that machinery might notice a problem and
warn them.  The "supervisors" stand a much better chance of being able
to react appropriately to an unexpected situation if they have the
"feel" of the system by already having been in control of it.

-Dean   (
-University of California, Berkeley   Department of Zoology

     [The home of nonviolet resistance and inviolet principles!  PGN]

Electronic Steering

Ray Chen <chen%gt-stratus%gatech.csnet@RELAY.CS.NET>
Thu, 26 Feb 87 23:06:09 EST
Miliary aircraft not only get maintained more often than the average
car, but they are also designed and manufactured to more exacting and
demanding specifications than their civilian counterparts.  Military
hardware in general is designed to operate correctly in wider range of
operating conditions and more thoroughly tested.

Military software must also meet certain coding standards and go
through formal verification testing before being approved.

Now, none of this guarantees that all errors are caught (especially
the software errors).  You do, though, have some guarantees about
whatever can be tested properly such as component quality, and

Given the amount of testing and verification a MIL-spec steer-by-wire
car would have to endure before being accepted, I might consider driving
a steer-by-wire car with software that had been coded and tested under
military specs and ran on MIL-spec, RFI-shielded hardware.

Given the history of electronic ignition systems however, I wouldn't come
near a steer-by-wire car that had been developed and manufactured to
                    Ray Chen

Electronic steering

Sat, 28 Feb 1987 12:54 EST
We pay fighter pilots to take large risks.  Furthermore, combat jets
are not generally regarded as the ultimate in safety, since they
sacrifice a lot to get high performance.

   [OK, gang, that is probably enough on this topic for now.  Thanks.  PGN]

Please report problems with the web pages to the maintainer