Xref: utzoo comp.unix.wizards:25571 alt.security:2521
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!crackers!m2c!seqp4!jdarcy
From: jdarcy@seqp4.ORG (Jeff d'Arcy)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Message-ID: <732@seqp4.UUCP>
Date: 9 May 91 19:57:25 GMT
References: <1991May6.154014.855@ux1.cso.uiuc.edu>
Reply-To: jdarcy@sequoia.com (Jeff d'Arcy)
Organization: Sequoia Systems, Marlboro MA
Lines: 45

Paul-Pomes@uiuc.edu:
> From: ian@pharaoh.UUCP (Ian Crocker)
>
>>Further to my previous post I thought of a machine I hadn't tried it on and 
>>sure enough it worked.  Complete control of the root terminal from an
>>unprivileged userid.  Seems this manufacturer is lagging behind the others -
>>no prizes for guessing who it is!
>
>Sequoia Systems?  After all, they're too busy to check.

This post gave me the incentive to check things out under TOPIX (Sequoia's
UNIX-compatible OS) despite the fact that I'll probably get in trouble for
taking the time away from my assigned tasks to do so.  What I found was a
very serious security bug involving TIOCSTI, but I don't think it's the same
one people have been talking about here.  It doesn't bother me to admit that
the problem exists because:

	(a) I've barely been at Sequoia long enough to remember my boss's
	name, let alone take responsibility for day-one bugs; and

	(b) the existence of the problem in TOPIX does nothing to invalidate
	any of my earlier statements.

Now it's on my list of things to fix.  Big deal.  Except for the publicity,
there's nothing to distinguish this bug from the sort of stuff that I and
thousands of other OS developers at dozens of companies have seen every day
for years.  Maybe Dan, Ian, and Paul's excitement can be explained by the
observation that just about anything is exciting the first few times.

Believe me, kids: there are dozens of bugs in *every OS in the world* that
would horrify users and administrators alike if they were ever made known.
Twiddle this, frobnicate that, and...BLAM...instant super-user, or system
crash, or filesystem corruption, or whatever.  Should I tell you about the
SOCK_RAW crashes at one vendor, or the disappearing disk space at another,
or the setuid bug at a third?  Really, I got a million of 'em.  Why don't
you guys stop crowing because you found *one* bug in *one* OS, and think a
little about how many you *don't* know about and never will?  I'm sure there
are plenty of scary bugs that I'll never hear about because they were fixed
by my predecessors.

Excuse me.  I have bugs to fix.
-- 

Jeff d'Arcy, Generic MTS, Sequoia Systems Inc. <jdarcy%seqp4@m2c.org>
         Time flies like an arrow; fruit flies like a banana