SECURITY BUG IN INTERACTIVE UNIX SYSV386
James Howard
jrh at mustang.dell.com
Thu Feb 14 13:51:35 AEST 1991
In article <1991Feb13.192107.8135 at digibd.com>, rhealey at digibd.com (Rob
Healey) writes:
> In article <1991Feb12.052336.29639 at motcad.portal.com>
jtc at motcad.portal.com (J.T. Conklin) writes:
> >>Now, the question is, what do we do to protect ourselves in the meantime?
> >If I remember correctly, Sun Microsystems sent out a fixed version of
> >sendmail to its customer base free of charge the week after the Internet
> >Worm Attack. I see no reason why we should expect less from the i386
> >UNIX vendors. In my opinion, any vendor that doesn't respond to this
> >problem with the attention it is due, doesn't deserve to be in business.
> >
>
> I'd consider extending this to any vendor that didn't catch this
> BEFORE the system was shipped doesn't deserve to be in business.
>
> HOW can the QA dept. of ANY UNIX system miss a bug of this
> magnitude? After all, they should have had unexplained system
> panics when the test that scribbles over all of a USER mode virtual
> address space to check MMU problems scribbles all over the ublock...
Good question. I have tried the program posted earlier on both Dell
SVR3.2 (which is ISC 2.0.2 based) and Dell SVR4.0 (not in any way
related to ISC ;-) ). It core dumps faithfully on both.
James Howard Dell Computer Corp. !'s:uunet!dell!mustang!jrh
(512) 343-3480 9505 Arboretum Blvd @'s:jrh at mustang.dell.com
Austin, TX 78759-7299
More information about the Comp.unix.sysv386
mailing list