Xref: utzoo comp.lang.c:14296 comp.unix.wizards:12885
Path: utzoo!utgpu!watmath!clyde!att!cbnews!lvc
From: lvc@cbnews.ATT.COM (Lawrence V. Cipriani)
Newsgroups: comp.lang.c,comp.unix.wizards
Subject: Insecure hardware (was Re: gets(3) nonsense)
Message-ID: <2330@cbnews.ATT.COM>
Date: 26 Nov 88 15:48:40 GMT
References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <644@scotty.UUCP> <288@ispi.UUCP>
Reply-To: lvc@cbnews.ATT.COM (Lawrence V. Cipriani)
Organization: AT&T Bell Laboratories
Lines: 18

In article <288@ispi.UUCP> jbayer@ispi.UUCP (Jonathan Bayer) writes:
>gets is different in that the input is undefined.  If gets is used in a
>program in which data is piped to, and it is part of a secure system, and
>unsecured data can be piped to it, then it is possible to break it.

(Not picking on you Mr. Bayer!)

All the discussion I have seen so far about recent virus has focused on
software.  To what extent can hardware be at fault?  Was the one of the
reasons the two processor types were attacked because they would allow
code to be executed in data space?  Is this what happened?  Some other
machines will produce a core dump if you pull this.  What else can be done
in hardware to enhance the security of the UNIX(r) operating system?

	Larry Cipriani
--
UNIX was a trademark of Western Electric, Western Electric is a trademark
of AT&T, UNIX is a registered trademark of AT&T