Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!unido!alderan!chris
From: chris@alderan.uucp (Christoph Splittgerber)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <329@alderan.uucp>
Date: 13 Feb 91 10:21:57 GMT
References: <KR3NBQQ@dobag.in-berlin.de>
Organization: C. Splittgerber Datentechnik, Denkendorf, Germany
Lines: 22

In article <KR3NBQQ@dobag.in-berlin.de> lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:
>it seems that your very cute interactive unix System has a nice bug !

Oh my god - its really true. (on my ISC 2.0.2 *with* co-proc.)

While we've all been discussing security holes in the file-system and
talked about SUID and SGID and all that stuff there is a way to break
everything and it's so goddam easy that it's hard to believe it.
It's not a security hole, it's a SECURITY ABYSS.


I don't like ISC's upgrate provision clauses and I don't wana pay for this
bugfix.

So what to do now ? .....  -:(  -:(  -:(

Hey you people at ISC, what's up ?

-- 
************************ Brain fault (core dumped) *************************
Replies-To:  chris@alderan.uucp        UUCP: uunet!mcsun!unido!alderan!chris 
Phone:       +49 711 344375            Fax:  +49 711 3460684