Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!ccu.umanitoba.ca!herald.usask.ca!alberta!alberta!arcsun.arc.ab.ca!cpsc.ucalgary.ca!yogi.fhhosp.ab.ca!janus.mtroyal.ab.ca!mhoffos
From: mhoffos@janus.mtroyal.ab.ca
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Message-ID: <1991Feb14.012104.5846@janus.mtroyal.ab.ca>
Date: 14 Feb 91 08:21:04 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb11.184130.11321@jwt.UUCP> <1991Feb12.020625.6779@kithrup.COM> <529@jahangir.UUCP>
Organization: Mount Royal College, Calgary, Alberta
Lines: 26

In article <529@jahangir.UUCP>, marc@jahangir.UUCP (Marc Rossner) writes:
>> In article <1991Feb11.184130.11321@jwt.UUCP> john@jwt.UUCP (John Temples) writes:
>> >Yikes.  This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
>> >*with* a coprocessor.  It failed on Microport 2.2 with a coprocessor.
>> >Now, the question is, what do we do to protect ourselves in the meantime?
> 
> Works like a charm on ISC 2.2 with a 486 -- good thing the only people
> over here that read this newsgroup already know the root password.
> "Feature", indeed!  Hope ISC hears a lot about this, if anyone can ever
> get past the 15 minutes it takes their telephone guy to locate you in his
> files before he'll let you discuss anything real.
> 
> Marc Rossner
> jahangir!marc@uunet.uu.net


The bug bites on a 486 under ESIX Rev. D too ... if anyone figures out a
workaround it would be much appreciated; has anyone spoke with Everex yet?

Mike Hoffos
--
mhoffos@janus.mtroyal.ab.ca
(Mount Royal College is a community college in Calgary, Alberta)

Disclaimer:     Mount Royal College doesn't speak for me, and I *certainly*
                don't speak for it.