SECURITY BUG IN INTERACTIVE UNIX SYSV386

[Paul Guthrie]

I'm sick of people calling this a "gaping
kind-you-can-drive-a-truck-through hole" in UNIX security.  If it
was so gaping, how come it has never come up here before, like so
many other obscure problems?  ISC was fixing this, and if that
idiot had kept his mouth shut, it would have been fixed in time,
without many of us rushing out to buy coprocessors.  He even
admitted it didn't affect his site.  This was an act of pure
stupidity.  If indeed he had been after ISC to get a fix, why wasn't
a note like: "There is a terrible bug in ISC UNIX security that
allows root access instantaneously.  I have mailed the problem to
ISC (or reported the bug) to ISC and will post the problem in 3
months.  The clock is ticking ISC...." posted.  The posting of
source code to crack a system and binaries even was nothing more
than glory-hounding, sort of like saying "See what I know and you
don't".  This person is immature, irresponsible and has caused a lot
of people a lot of trouble.  If indeed his cause was to get the bug
fixed to stop "security problems" he would not have caused a
multitude more in the short term.  
-- 
Paul Guthrie
chinet!nsacray!paul or pdg at balr.com or attmail!balr!pdg