Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!uunet!fub!dobag.in-berlin.de!lumpi From: lumpi@dobag.in-berlin.de (Joern Lubkoll) Newsgroups: comp.unix.sysv386 Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Keywords: BAD BUG Message-ID: Date: 13 Feb 91 12:20:18 GMT References: <1991Feb12.222341.5205@pcserver2.naitc.com> Organization: Dobag Computer Systems Berlin Lines: 26 kdenning@pcserver2.naitc.com (Karl Denninger) writes: >In article lumpi@dobag.in-berlin.de (Joern Lubkoll) writes: >>It was a long process of thoughts about this, but now, after half >>a year of disput with interactive, here it finally is: >> >>--- jl >> >>Hello you at Interactive Systems Coporation ! >> >>it seems that your very cute interactive unix System has a nice bug ! >> >>EVERYONE you has access to a shell and a compiler or an interactive >>System at home (to upload binaries) CAN BECOME ROOT. >.... details deleted. >Needless to say, I am most disappointed with ISC on this one. I am even >more disappointed with the apparent fact that they seem to have known about >this for quite some time, and ignored it. >Well, now it can't be ignored. That was my hope in posting this. I'm going to fax it to the mayor unix magazines in the world, just to make the effect a little harder to ignore for ISC. I think there will be a bug fix very soon :-) jl -- lumpi@dobag.in-berlin.de -- "Nothing is the complete absence of everything."