SECURITY BUG IN INTERACTIVE UNIX SYSV386
W.c. Rothanburg
wcr at tree.metrolink.com
Thu Feb 14 12:21:38 AEST 1991
In article <6A5NSZK at dobag.in-berlin.de> lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
marc at jahangir.UUCP (Marc Rossner) writes:
>> In article <1991Feb11.184130.11321 at jwt.UUCP> john at jwt.UUCP (John Temples) writes:
>> >Yikes. This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
>> >*with* a coprocessor. It failed on Microport 2.2 with a coprocessor.
>> >Now, the question is, what do we do to protect ourselves in the meantime?
>Works like a charm on ISC 2.2 with a 486 -- good thing the only people
>over here that read this newsgroup already know the root password.
>"Feature", indeed! Hope ISC hears a lot about this, if anyone can ever
>get past the 15 minutes it takes their telephone guy to locate you in his
>files before he'll let you discuss anything real.
Set UAREAUS and UAREARW to zero and it won't work any more !
But this works onlu on ISC 2.2 and not on 2.02. No 2.02 system can be
protected !
The only problem with setting UAREAUS and UAREAW to zero is you
cannot do any floating point operations without a co-processor.
(I don't have a co-processor to try it with... <sigh>)
We (at Metro Link) have found the AT&T Unix/386 appears to have the
same problem. (I heard this second hand and don't know from whom.)
Bill
--
Who : Metro Link, Inc.
What : X11.R4. for ISC Unix 386/ix, SCO Unix/386, and Everex ESIX
Where: 2213 West Mc Nab Road, Pompano Beach,FL 33069
Sales: sales at metrolink.com
Email: wcr at metrolink.com
Phone: +1 305 970 7353 x927
Fax : +1 305 970 7351
More information about the Comp.unix.sysv386
mailing list