Path: utzoo!utgpu!water!watmath!clyde!att!rutgers!mailrus!umix!oxtrap!rich
From: rich@oxtrap.UUCP (K. Richard Magill)
Newsgroups: comp.sys.sequent
Subject: Security hole in dynix
Message-ID: <4185@oxtrap.UUCP>
Date: 4 Aug 88 19:00:16 GMT
Reply-To: rich@oxtrap.UUCP
Organization: Ocwen - Ann Arbor
Lines: 37

What follows is a bug report I've just filed to sequent about what
looks like a security problem to me.

Version: Fri Dec  4 14:25:36 PST 1987  - DYNIX V3.0.4 PN: 1003-xxxxx
Fri Dec  4 21:14:24 PST 1987  - Delta Dynix V3.0.4 to NFS-option started
Fri Dec  4 21:16:23 PST 1987  - Delta Dynix V3.0.4 to NFS-option complete
Configuration: System Configuration:
 type  no slic  flags  revision
 MEM    0  12 00000000 20.01.00 type=256k size=8.0Mb base=0x00000000 ileave-lo
 MEM    1  16 00000000 20.01.00 type=256k size=8.0Mb base=0x00000000 ileave-hi
 MBAD   0  24 00000000 00.04.01 f/w version=6
 SCED   0  22 00000000 01.06.00 ver=23 host=7 enet=0800470004fe local
 ZDC    0  20 00000000 00.01.00 f/w version=9
 PROC/032     00000000 00.06.01 no. 0(slic 4), 1(5), 2(8), 3(9), 4(10), 5(11)
Summary: exceeding userlimit leaves console wide open
Severity: Critical
Category: Software
Id: 02318 546605 /dynix
Description:

 When more pty's are being used than "userlimit", init catches the
 fact as a violation of the dynix license.  (more on this next bug
 report).  The problem is that init forces the equivelant to a
 shutdown to single user mode leaving root on the console.

 "Hey, great!  You mean I only need to open X+1 windows and I'm root?"

 You got it.  Unless your windows use 2 pty's each, in which case you
 only need open (X/2)+1 which in our case is currently 9.

 A copy of this bug report is being forwarded to usenet and the
 appropriate arpa lists.

[End Description]

-- 
rich.