>>>>> "DS" == Dave Shield writes:

DS> We'll need to tread carefully, though. There will be
DS> hundreds of existing installations that are working quite
DS> happily, and we'll need to ensure that a default config
DS> continues to send traps.

DS> (I realise that such an approach is an anathema to security
DS> experts, but said security experts don't typically maintain the
DS> users list! ;-) )

Actually, not necessarily... The point is that you don't do something
the user's didn't expect. I'm quite sure when a user says "create a
trap sink with community XXX" it would expect those to be authorized
to go out.

(what is wrong, is that we allow incoming MIB SET requests configure a
system that allows traps to go out without checking the authorization
to do so).

Wes Hardaker
Sparta, Inc.

Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
Net-snmp-coders mailing list