Potential Security Problem

greg at sdcsvax.UUCP greg at sdcsvax.UUCP
Wed Nov 30 15:31:56 AEST 1983


We have recently found a security problem that exists in (at least) 4.2BSD
and System V.  It is not immediately obvious if system-wide security is
compromised (and it may not be), but it does make the mutually-suspicious-
subsystem paridigm crackable.  In particular, it allows rogue 5.3 (which is
well known to be very suspicious and private about a number of things) to be
opened far enough so that we have broken its encryption scheme for save files.

I do not wish to broadcast the particular technique since it seems that it
must be cured at the kernel level -- you can't just do something as simple
as shutting off /dev/kmem.  Instead, I would ask that the people responsible
for the maintenence of Unix kernels to get in touch with me via mail and I
will describe the problem.  I would particularly like to hear from people
at Bell, Berkeley, and the other vendors so that they can send whatever
fix is necessary to their own customers.  (If the consensus is that it will
not be a disaster for it to be widely known, I will describe it publicly
at a later time.)

Greg Noel, NCR Torrey Pines    ...!ucbvax!sdcsvax!greg  or  Greg at NOSC



More information about the Comp.bugs.2bsd mailing list