SECURITY BUG IN INTERACTIVE UNIX SYSV386
Steve Nuchia
steve at nuchat.sccsi.com
Sun Feb 24 08:57:07 AEST 1991
In <1991Feb19.015227.26159 at nuchat.sccsi.com>, I wrote
>> Unmitigated bullshit.
To which came the reply:
In article <54805 at bigtex.cactus.org> james at bigtex.cactus.org (James Van Artsdalen) writes:
>oh? I see you haven't thought the problem through yet.
...
>Now, think about sdb, and then propose a solution.
Yeah ok, I forgot about the debugger. One more reason why you'd
really like to have the emulator keep its data in the u area.
It would be possible to fix the debugger -- it isn't like it
is portable code anyway -- but yuk.
>Remember, we're not out to remove things from the u block, only to
>make sure that important things aren't writable. Those are very
>different goals.
The point I intended to make, which was obscured by my ill-considered
phrasing, was that any number of convenience or performance considerations
can never justify leaving a security hole like that open.
>Also, remember that Sean is talking about SCO's *solution*, which
>already works and is in the field. Until yours is implemented and
>working, don't be so quick to criticize.
Hmmm... I reread his article and couldn't see how you figure that. I
must have missed some context. It looked to me like he was justifying
the continued existence of the hole on the grounds that the u area
is the "proper" place to put the FP registers. The only indication in
the article to which I responded that Sean did not mean it as a justification
was his quote marks around "proper".
Sorry about the noise.
--
Steve Nuchia South Coast Computing Services (713) 964-2462
"Innocence is a splendid thing, only it has the misfortune
not to keep very well and to be easily misled."
--- Immanuel Kant, Groundwork of the Metaphysic of Morals
More information about the Comp.unix.sysv386
mailing list