Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!spool.mu.edu!uwm.edu!linac!att!cbnews!junk1
From: junk1@cbnews.att.com (eric.a.olson)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb19.123235.28961@cbnews.att.com>
Date: 19 Feb 91 12:32:35 GMT
References: <1991Feb15.134715.16979@virtech.uucp> <3218@sixhub.UUCP> <1991Feb18.140624.1860@virtech.uucp>
Organization: AT&T Bell Laboratories
Lines: 17

In article <1991Feb18.140624.1860@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:
>
>THE uuencoded binary is not less dangerous. I meant "a uuencoded binary
>that proves that root access was obtained without damaging the security
>of the system".
>

Oh, come on, Conor...you would run a _binary_ file that proves
that root access was obtained and that _claims_ not to have damaged
the security system?

I would not. I tried the source (segmentation violation on AT&T
3.2.1 and 3.2.2 with no co-proc).

I think that perhaps the best of both worlds would have been served
with the simple statement, "The u-area is not write-protected on all
versions of the UNIX operating system."

eric a. olson
eao@mvucl.att.com