Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!uunet!mcsun!unido!opal!fub!dobag.in-berlin.de!lumpi
From: lumpi@dobag.in-berlin.de (Joern Lubkoll)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <SR4N5Z@dobag.in-berlin.de>
Date: 12 Feb 91 11:15:15 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb11.184130.11321@jwt.UUCP>
Organization: Dobag Computer Systems Berlin
Lines: 22

john@jwt.UUCP (John Temples) writes:
>In article <KR3NBQQ@dobag.in-berlin.de> lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:
>>it seems that your very cute interactive unix System has a nice bug !
>Yikes.  This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
>*with* a coprocessor.  It failed on Microport 2.2 with a coprocessor.

It even works on 2.2 with a coprocessor ! You have to set the Kernel
Tuneable Parameters UAREAUS and UAREARW to 0 to protect you u-block !
If Esix dows have such parameters, please try them and report me the
experiences.
2.02 is unprotectable ! a 2.2 System without a co-cpu is also unprotect-
able !

>Now, the question is, what do we do to protect ourselves in the meantime?
That is the problem which made me think half a year before posting it !
The time until the bug-fix arrives will be short I hope, or Interactive
has a problem !

jl

-- 
lumpi@dobag.in-berlin.de  --  "Nothing is the complete absence of everything."