Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!crdgw1!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb16.193246.25903@virtech.uucp>
Date: 16 Feb 91 19:32:46 GMT
References: <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM> <1991Feb15.134715.16979@virtech.uucp>
Organization: Virtual Technologies Inc.
Lines: 30

lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:

>cpcahil@virtech.uucp (Conor P. Cahill) writes:
>> POSTING THE CODE WAS DEAD WRONG.

>Everyone being able to use debugger or the disassembler, will be able
>to get the information out of the binary !

Yes, but that requires the following:

	1. the desire to spend the time doing it.
	2. the ability to read and understand the assembly language
	3. the ability to turn that back into a C program
	4. the knowledge that there is a disassembler

Not trying to knock on anybody in particular, but I would bet that most
of the people that read this newsgroup would probably not have at least
one of the requirements.

Don't read me wrong. I'm not saying that no one out there would be able
to replicate the problem. I am only saying that because the code was
posted EVERYONE who reads this group will be able to do it.

>Don't you think, this is enough for anyone to see, what's going on ?

Seeing what is going on and replicating it in another program is not
always a simple step.

-- 
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.
uunet!virtech!cpcahil                           46030 Manekin Plaza, Suite 160
                                                Sterling, VA 22170