SECURITY BUG IN INTERACTIVE UNIX SYSV386
Rob Healey
rhealey at digibd.com
Thu Feb 14 06:21:07 AEST 1991
In article <1991Feb12.052336.29639 at motcad.portal.com> jtc at motcad.portal.com (J.T. Conklin) writes:
>>Now, the question is, what do we do to protect ourselves in the meantime?
>If I remember correctly, Sun Microsystems sent out a fixed version of
>sendmail to its customer base free of charge the week after the Internet
>Worm Attack. I see no reason why we should expect less from the i386
>UNIX vendors. In my opinion, any vendor that doesn't respond to this
>problem with the attention it is due, doesn't deserve to be in business.
>
I'd consider extending this to any vendor that didn't catch this
BEFORE the system was shipped doesn't deserve to be in business.
HOW can the QA dept. of ANY UNIX system miss a bug of this
magnitude? After all, they should have had unexplained system
panics when the test that scribbles over all of a USER mode virtual
address space to check MMU problems scribbles all over the ublock...
ANY user mode process can go wild, scribble in the higher area of it's
VM space, wipe out the ublock and it's bye-bye UNIX...
Panic: OS vendor irresponsibility
syncing disks... (glug, glug, glug) B^(.
-Rob
Speaking for self, not company.
More information about the Comp.unix.sysv386
mailing list