SECURITY BUG IN INTERACTIVE UNIX SYSV386
Joern Lubkoll
lumpi at dobag.in-berlin.de
Wed Feb 13 23:20:18 AEST 1991
kdenning at pcserver2.naitc.com (Karl Denninger) writes:
>In article <KR3NBQQ at dobag.in-berlin.de> lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
>>It was a long process of thoughts about this, but now, after half
>>a year of disput with interactive, here it finally is:
>>
>>--- jl
>>
>>Hello you at Interactive Systems Coporation !
>>
>>it seems that your very cute interactive unix System has a nice bug !
>>
>>EVERYONE you has access to a shell and a compiler or an interactive
>>System at home (to upload binaries) CAN BECOME ROOT.
>.... details deleted.
>Needless to say, I am most disappointed with ISC on this one. I am even
>more disappointed with the apparent fact that they seem to have known about
>this for quite some time, and ignored it.
>Well, now it can't be ignored.
That was my hope in posting this. I'm going to fax it to the mayor unix
magazines in the world, just to make the effect a little harder to ignore
for ISC.
I think there will be a bug fix very soon :-)
jl
--
lumpi at dobag.in-berlin.de -- "Nothing is the complete absence of everything."
More information about the Comp.unix.sysv386
mailing list