Xref: utzoo alt.sources.d:1836 comp.unix.internals:2787 comp.unix.wizards:25632
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!news.cs.indiana.edu!rutgers!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: alt.sources.d,comp.unix.internals,comp.unix.wizards
Subject: Re: kstuff 0.18 (part 1/6)
Message-ID: <14365:May1522:32:5891@kramden.acf.nyu.edu>
Date: 15 May 91 22:32:58 GMT
References: <1991May11.200747.17465@scuzzy.in-berlin.de> <9105131716.AA17481@rodan.UU.NET> <19274@rpp386.cactus.org>
Followup-To: comp.unix.wizards
Organization: IR
Lines: 36

In article <19274@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
> One problem is that the changes that are needed really have to
> be made by the vendors because the changes aren't the same for
> every UNIX platform. So he can't post a detailed fix.

Fortunately (?), the holes were all inherited from the same place, so
the fixes are essentially the same on each platform. In fact, I haven't
heard of a (BSD-derived) system where my fixes don't work as is.

What would really simplify the fixes is to eliminate all kernel changes.
I have a (theoretically unreliable but in practice race-free) user-mode
opencount() for various systems, including SunOS, Ultrix, straight BSD,
DYNIX, et al., so on those systems it isn't necessary to implement
TIOCOPENCT inside the kernel, at least not at first. It turns out that
TIOCNOTTY already works on /dev/ttyxx on quite a few systems. That
leaves just one kernel change for those systems, namely implementing
/dev/stdtty. If someone can figure out a solution to /dev/tty that
doesn't involve kernel changes, it'll suddenly be possible to distribute
working patches even to sites without source.

> My prediction is that Dan will post his code, a lot
> of systems will be broken into, and then Dan will be arrested
> and hauled off to jail. All because the vendors don't want to
> be bothered.

Thank you for that pleasant thought.

> I've sent Dan a request
> for his breakin suite (or whatever) and he hasn't provided it
> yet.

Slow down, willya? I think it's more important to get the information to
vendors like Sun that still have the problem than to vendors like IBM
that (at least claim to) have fixed it.

---Dan