Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!chinacat!uudell!mustang!jrh
From: jrh@mustang.dell.com (James Howard)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <15126@uudell.dell.com>
Date: 14 Feb 91 02:51:35 GMT
References: <1991Feb13.192107.8135@digibd.com> <1991Feb11.184130.11321@jwt.UUCP> <1991Feb12.052336.29639@motcad.portal.com>
Sender: news@uudell.dell.com
Reply-To: jrh@mustang.dell.com (James Howard)
Organization: Dell Computer Corp.
Lines: 29

In article <1991Feb13.192107.8135@digibd.com>, rhealey@digibd.com (Rob Healey) writes:
> In article <1991Feb12.052336.29639@motcad.portal.com> jtc@motcad.portal.com (J.T. Conklin) writes:
> >>Now, the question is, what do we do to protect ourselves in the meantime?
> >If I remember correctly, Sun Microsystems sent out a fixed version of
> >sendmail to its customer base free of charge the week after the Internet
> >Worm Attack. I see no reason why we should expect less from the i386
> >UNIX vendors. In my opinion, any vendor that doesn't respond to this
> >problem with the attention it is due, doesn't deserve to be in business.
> >
>
> I'd consider extending this to any vendor that didn't catch this
> BEFORE the system was shipped doesn't deserve to be in business.
>
> HOW can the QA dept. of ANY UNIX system miss a bug of this
> magnitude? After all, they should have had unexplained system
> panics when the test that scribbles over all of a USER mode virtual
> address space to check MMU problems scribbles all over the ublock...

Good question. I have tried the program posted earlier on both
Dell SVR3.2 (which is ISC 2.0.2 based) and Dell SVR4.0 (not in any way
related to ISC ;-) ). It core dumps faithfully on both.

James Howard        Dell Computer Corp.        !'s:uunet!dell!mustang!jrh
(512) 343-3480      9505 Arboretum Blvd        @'s:jrh@mustang.dell.com
                    Austin, TX 78759-7299