Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!pdn!tscs!tct!chip From: chip@tct.uucp (Chip Salzenberg) Newsgroups: comp.unix.sysv386 Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Keywords: BAD BUG Message-ID: <27BDA7B8.1DD8@tct.uucp> Date: 16 Feb 91 21:44:23 GMT References: <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM> Organization: Teltronics/TCT, Sarasota, FL Lines: 36 According to mburg@unix386.Convergent.COM (Mike Burg): >In article <27B93F44.5606@tct.uucp>, chip@tct.uucp (Chip Salzenberg) writes: >> It is good to see that SCO's engineers, unlike those at ISC and >> Everex, have an effective grasp on the basic principles of memory >> protection covered in the first semester of OS design class. > >From a view of a person who has work for various Unix system houses - >you can't really blame ISC, ESIX, or any other vendors that current has >the bug in it's release. I think the blame should be placed on AT&T. There is plenty of blame to go around. AT&T, ISC and Everex all deserve big, fat rasberries. >ON THE OTHER HAND, since you are buying a product from the vendors, you'd >*EXPECT THEM* to sell you a stable product. Exactly. I don't think ISC and Everex have any right to expect empathy (not that they're asking for it). They took money, they delivered *seriously* defective goods, and they didn't fix the defects until a public outcry arose on the Usenet. Bleh. >Face it folks, all versions of Unix for the PC have problems of some kind. >(Just a matter of what size the explosion will be when it goes off in your >face.) I don't think it's the bug that's the real problem. It's the attitude displayed by ISC and Everex when the bug was reported six months ago: "Let's keep it quiet; maybe no one will find out!" Then a Usenet article breaks through their veil of silence, and presto! free fixes for everyone. Where were they six months ago? -- Chip Salzenberg at Teltronics/TCT , "I want to mention that my opinions whether real or not are MY opinions." -- the inevitable William "Billy" Steinmetz