Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!uwm.edu!src.honeywell.com!msi.umn.edu!cs.umn.edu!quest!digibd!rhealey
From: rhealey@digibd.com (Rob Healey)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb13.192107.8135@digibd.com>
Date: 13 Feb 91 19:21:07 GMT
References: <1991Feb11.184130.11321@jwt.UUCP> <1991Feb12.052336.29639@motcad.portal.com>
Organization: DigiBoard Incorporated, St. Louis Park, MN
Lines: 26

In article <1991Feb12.052336.29639@motcad.portal.com> jtc@motcad.portal.com (J.T. Conklin) writes:
>>Now, the question is, what do we do to protect ourselves in the meantime?
>If I remember correctly, Sun Microsystems sent out a fixed version of
>sendmail to its customer base free of charge the week after the Internet
>Worm Attack. I see no reason why we should expect less from the i386
>UNIX vendors. In my opinion, any vendor that doesn't respond to this
>problem with the attention it is due, doesn't deserve to be in business.
>
I'd consider extending this to any vendor that didn't catch this
BEFORE the system was shipped doesn't deserve to be in business.
HOW can the QA dept. of ANY UNIX system miss a bug of this magnitude?
After all, they should have had unexplained system panics when the
test that scribbles over all of a USER mode virtual address space to
check MMU problems scribbles all over the ublock...

ANY user mode process can go wild, scribble in the higher area of
its VM space, wipe out the ublock and it's bye-bye UNIX...

Panic: OS vendor irresponsibility
syncing disks... (glug, glug, glug)

B^(.

-Rob

Speaking for self, not company.