SECURITY BUG IN INTERACTIVE UNIX SYSV386

James Howard jrh at mustang.dell.com
Sat Feb 16 11:46:43 AEST 1991 

In article <1991Feb15.035643.5542 at jwt.UUCP>, john at jwt.UUCP (John
Temples) writes:
> In article <15126 at uudell.dell.com> jrh at mustang.dell.com (James Howard)
writes:
> >I have tried the program posted earlier on both Dell 
> >SVR3.2 (which is ISC 2.0.2 based) and Dell SVR4.0 (not in any way 
> >related to ISC ;-) ).  It core dumps faithfully on both.  
> 
> Based on what I've read here (not just in regards to the security
> hole), I'm starting to get the feeling that Dell is the only UNIX
> vendor that has its act together.  I think I might just buy Dell's
> SVR4.0 even though upgrading my ESIX will probably be cheaper.
> -- 
> John W. Temples -- john at jwt.UUCP (uunet!jwt!john)

Let me attempt to correct an oversight in my original post.  I tested the 
posted source on a 3.2 machine running here internally, but it was a 486
machine, not a 386.  It did not display the bug, but of course, it did
have the 486 internal equivalent of a 387, which might have affected the
test.  To be sure, I later tried it on several 386 systems without a 
mathco, and it still did not display the bug.   I should have been more
careful before posting that it did not occur, although it turned out to
be true anyway. 

It has been posted elsewhere in this thread that AT&T 3.2.1 does not 
have this bug.  Dell UNIX 1.1 (which is generally described as based on
ISC 2.0.2 sources) was a merge of ISC, AT&T 3.2.1, and Dell 1.0 code
bases.  The likely explanation for why Dell does not display a bug
in a UNIX release based on ISC source, is that ISC did not merge in all
of the AT&T fixes for 3.2.1, pure supposition on my part however.

So, now for the facts, right?   The following machine configurations were
tested, and did not display the bug.  The test was done by compiling the
source as posted here on USENET.  

System		CPU / MathCo		OS / Release
-------------------------------------------------------
Dell 325	386 / NONE		Dell SVR3.2 / 1.1
Dell 325	386 / 387		Dell SVR3.2 / 1.1
Dell 425E	486 / Builtin		Dell SVR3.2 / 1.1
Dell 325P	386 / 387		Dell SVR4.0 / 2.0
Dell 325P	386 / NONE		Dell SVR4.0 / 2.0
Dell 325	386 / NONE		Dell SVR4.0 / 2.0
Dell 425TE	486 / Builtin		Dell SVR4.0 / 2.0

I believe this covers the cases where it might be a problem, as well
as a fairly wide range of hardware.  If a Dell customer has the bug,
it might be with Dell UNIX 1.0, which did not have the 3.2.1 fixes
applied.  Such a customer should contact Dell Technical Support or send
mail to support at dell.dell.com (or support at uudell.dell.com) to inquire as
to bug a fix.  I did not test Dell UNIX 1.0, because I could not locate
a system in house running the older version software.  I would very much
like to hear from anyone with Dell UNIX that is experiencing the bug
described above.


James Howard        Dell Computer Corp.        !'s:uunet!dell!mustang!jrh
(512) 343-3480      9505 Arboretum Blvd        @'s:jrh at mustang.dell.com
                    Austin, TX 78759-7299

More information about the Comp.unix.sysv386 mailing list