Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!fub!dobag.in-berlin.de!lumpi From: lumpi@dobag.in-berlin.de (Joern Lubkoll) Newsgroups: comp.unix.sysv386 Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Keywords: BAD BUG Message-ID: Date: 14 Feb 91 13:36:39 GMT References: <329@alderan.uucp> Organization: Dobag Computer Systems Berlin Lines: 27 chris@alderan.uucp (Christoph Splittgerber) writes: >In article lumpi@dobag.in-berlin.de (Joern Lubkoll) writes: >>it seems that your very cute interactive unix System has a nice bug ! >Oh my god - its really true. (on my ISC 2.0.2 *with* co-proc.) 2.02 cannot be made secure. Only 2.2 can be made secure with co-cpu and setting UAREAUS and UAREARW to zero. jl >While we've all been discussing security holes in the file-system and >talked about SUID and SGID and all that stuff there is a way to break >everything and it's so goddam easy that it's hard to believe it. >It's not a security hole, it's a SECURITY ABYSS. so it is ! >I don't like ISC's upgrate provision clauses and I don't wana pay for this >bugfix. i don't want to pay anything too ! And a lot of others won't pay too, I hope ! >So what to do now ? ..... -:( -:( -:( refer to alt.suicide jl -- lumpi@dobag.in-berlin.de -- "Nothing is the complete absence of everything."