Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!ccu.umanitoba.ca!herald.usask.ca!alberta!ubc-cs!uw-beaver!cornell!rochester!kodak!ispd-newsserver!ism.isc.com!mchale!martys From: martys@mchale.ism.isc.com (Marty Stewart) Newsgroups: comp.unix.sysv386 Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 Keywords: security bug Message-ID: <1991Feb19.214702.7093@ism.isc.com> Date: 19 Feb 91 21:47:02 GMT References: <1991Feb15.161201.18164@nstar.rn.com> Sender: Marty Stewart Reply-To: martys@ism.isc.com Organization: Interactive Systems Corp., Santa Monica, CA Lines: 22 This is mail to address the suggestions that INTERACTIVE either post the security hole fix to the net or put it on a ftp site where it can be picked up by users. Under the AT&T licensing agreement, INTERACTIVE cannot post AT&T code to a site where any user can pick it up. We are under the obligation to make sure only AT&T licensed users receive binaries that have portions of AT&T code in them. The fixes for the security hole are in os.o and as such, the code cannot be put in a public area. Another reason for not posting to the net is that the os.o is quite large and will take up unnecessary band- width at sites that do not need the INTERACTIVE fix. As an alternative to calling support, please send mail to martys@ism.isc.com and I will see to it that users are sent a fix as soon as support is given the fix. I will need an address, the version of software that you are running and your 2.0.2 or 2.2 serial number. INTERACTIVE apologizes for any inconveniences this may cause users. Marty C. Stewart Support Team Leader INTERACTIVE Systems Corp.