Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!pcserver2!kdenning
From: kdenning@pcserver2.naitc.com (Karl Denninger)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Summary: CONFIRMED -- THIS IS A VERY NASTY PROBLEM! RAISE HELL NOW!
Keywords: BAD BUG
Message-ID: <1991Feb12.222341.5205@pcserver2.naitc.com>
Date: 12 Feb 91 22:23:41 GMT
References:
Organization: AC Nielsen, Bannockburn IL USA
Lines: 37

In article lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:
>It was a long process of thoughts about this, but now, after half
>a year of dispute with interactive, here it finally is:
>
>--- jl
>
>Hello you at Interactive Systems Corporation !
>
>it seems that your very cute interactive unix System has a nice bug !
>
>EVERYONE who has access to a shell and a compiler or an interactive
>System at home (to upload binaries) CAN BECOME ROOT.

.... details deleted.

I have confirmed this here......  It is a VERY nasty bug.

I highly suggest that all of you out there who have ISC complain immediately
to Interactive AND Kodak.

All of the systems here on ISC have coprocessors, so the bug can be worked
around.  Those of you without coprocessors are hosed, folks.  Yes, you too
can really become root in a few minutes.....

Needless to say, I am most disappointed with ISC on this one.  I am even
more disappointed with the apparent fact that they seem to have known about
this for quite some time, and ignored it.

Well, now it can't be ignored.

--
Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
kdenning@nis.naitc.com

"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect
those of the company.