SECURITY BUG IN INTERACTIVE UNIX SYSV386
Joern Lubkoll
lumpi at dobag.in-berlin.de
Fri Feb 15 00:36:39 AEST 1991
chris at alderan.uucp (Christoph Splittgerber) writes:
>In article <KR3NBQQ at dobag.in-berlin.de> lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
>>it seems that your very cute interactive unix System has a nice bug !
>Oh my god - its really true. (on my ISC 2.0.2 *with* co-proc.)
2.02 cannot be made secure. Only 2.2 can be made secure with
co-cpu and setting UAREAUS and UAREARW to zero.
jl
>While we've all been discussing security holes in the file-system and
>talked about SUID and SGID and all that stuff there is a way to break
>everything and it's so goddam easy that it's hard to believe it.
>It's not a security hole, it's a SECURITY ABYSS.
so it is !
>I don't like ISC's upgrate provision clauses and I don't wana pay for this
>bugfix.
i don't want to pay anything too ! And a lot of others won't pay too, I
hope !
>So what to do now ? ..... -:( -:( -:(
refer to alt.suicide
jl
--
lumpi at dobag.in-berlin.de -- "Nothing is the complete absence of everything."
More information about the Comp.unix.sysv386
mailing list