Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!tut.cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!midway!gargoyle!chinet!pdg
From: pdg@chinet.chi.il.us (Paul Guthrie)
Newsgroups: comp.unix.sysv386
Subject: Re: security bug in ISC sysv386. here's a quick fix.
Message-ID: <1991Feb17.001157.8151@chinet.chi.il.us>
Date: 17 Feb 91 00:11:57 GMT
References: <1991Feb12.200752.2772@vort.uucp> <K46NU5L@dobag.in-berlin.de>
Distribution: na
Organization: The League of Crafty Hackers
Lines: 15


Posting the source code and binary was very irresponsible.  Some of
us were working through ISC's support channels to get this fixed
(and had been promised results).  Yes, it is obvious from the
release notes, but giving the means to every two-bit news reading
moron is not the right thing to do.  

One thing to keep in mind is that if your console is accessible, and
you have the kernel debugger active, anyone on the console can 
(among other nasty attacks) reset the protection variables
and get in as root.

-- 
Paul Guthrie
chinet!nsacray!paul or pdg@balr.com or attmail!balr!pdg