Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!mips!daver!tscs!tct!chip
From: chip@tct.uucp (Chip Salzenberg)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <27B93F44.5606@tct.uucp>
Date: 13 Feb 91 13:29:40 GMT
References: <1991Feb12.085747.8468@specialix.co.uk>
Organization: Teltronics/TCT, Sarasota, FL
Lines: 22

According to jpp@specialix.co.uk (John Pettitt):
>We have confirmed that this does indeed work on ISC 2.2 and that SCO
>unix does `the right thing' (tm) and core dumps the application.

It is good to see that SCO's engineers, unlike those at ISC and
Everex, have an effective grasp on the basic principles of memory
protection covered in the first semester of OS design class.

Forgive me if I react, not by congratulating SCO, but by dropping my
jaw in mind-boggled astonishment that such a huge, gaping, obvious,
you-can-drive-a-truck-through-it security hole was ever released by
ISC or Everex in a beta, much less sold to customers in version after
version after version.

>Maybe we should be saying nice things about SCO's security stuff
>after all !

I'm sorry, but SCO C2 security is still a botch.
--
Chip Salzenberg at Teltronics/TCT ,
"I want to mention that my opinions whether real or not are MY opinions."
             -- the inevitable William "Billy" Steinmetz