Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!csus.edu!beach.csulb.edu!nic.csu.net!csun!kithrup!sef From: sef@sco.com (Sean Eric Fagan) Newsgroups: comp.unix.sysv386 Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Message-ID: <1991Feb18.030104.8990@kithrup.COM> Date: 18 Feb 91 03:01:04 GMT References: <6027@unix386.Convergent.COM> Sender: sef@kithrup.com (Sean Eric Fagan) Organization: The Santa Cruz Operation, Inc. Lines: 28 In article pcg@cs.aber.ac.uk (Piercarlo Grandi) writes: >AT&T say (informally, in this newsgroup) that they corrected it in >3.2.1, and sent the corrections in its update tape to its licensees. SCO >and and Dell installed the corrections. Probably ISC and the others have >now decided to just put those corrections in. (Relating to a previous message thread, the observant will undoubtedly notice that the From: line says 'sef@sco.com'; this is posted as an SCO employee, as it might be read as a plug. It's not, not really, but, well, you get the idea. 8-)) I don't know about Dell, but SCO fixed this, on our own, before AT&T sent out 3.2.1. Anyone who was a beta-site for SCO's 3.2.0 had a kernel that did not have this "feature"; I'm too fuzzy about the dates to be more precise than that (for example, it's quite probably that we actually shipped 3.2.0 [non beta, that is] before AT&T sent out 3.2.1, but I'm not sure about that). Given the technical expertise people have attributed to those at Dell, I would not be surprised if they did the same thing. However, I have absolutely no experience with them or their product, so it's only conjecture. -- Sean Eric Fagan | "I made the universe, but please don't blame me for it; sef@kithrup.COM | I had a bellyache at the time." -----------------+ -- The Turtle (Stephen King, _It_) Any opinions expressed are my own, and generally unpopular with others.