Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!snorkelwacker.mit.edu!usc!nic.csu.net!csun!kithrup!sef
From: sef@kithrup.COM (Sean Eric Fagan)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb15.074404.24303@kithrup.COM>
Date: 15 Feb 91 07:44:04 GMT
References: <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM>
Organization: Kithrup Enterprises, Ltd.
Lines: 25

In article <6027@unix386.Convergent.COM> mburg@unix386.Convergent.COM (Mike Burg) writes:
>I think the blame should be placed on AT&T. They are the
>ones who are (were) shipping the base source with the bug. Most AT&T UNIX
>vendors typically only concentrate on adding more options to the system
>(i.e. X-Windows, more controller card support, networking). They usually
>don't looking into rats mazes like memory managment. 

On the other hand, the three companies involved in porting SysVr3.2 to the
'386 were (to the best of my knowledge, mind you) AT&T, Intel, and ISC.
Although I will not name names, I will comment that someone whose opinion I
respect very much has laid the blame on intel for this.  That is hearsay,
though, so take it with a grain of salt.

>You'd be expecting for AT&T to ship a somewhat "secure" (if
>you can call it that) product, without serious holes like this one. Logical 
>conculsion - concentrate on value and price. 

Someone commented that AT&T fixed it in their 3.2.1 product; should I take
this discussion to alt.conspiracy? 8-) 8-) 8-)

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef@kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.