SECURITY BUG IN INTERACTIVE UNIX SYSV386

Mike Burg mburg at unix386.Convergent.COM
Fri Feb 15 06:41:21 AEST 1991


In article <27B93F44.5606 at tct.uucp>, chip at tct.uucp (Chip Salzenberg) writes:
> According to jpp at specialix.co.uk (John Pettitt):
> >We have confirmed that this does indeed work on ISC 2.2 and that SCO
> >unix does `the right thing' (tm) and core dumps the application.
> 
> It is good to see that SCO's engineers, unlike those at ISC and
> Everex, have an effective grasp on the basic principles of memory
> protection covered in the first semester of OS design class.

A two-sided coin problem...

From the view of a person who has worked for various Unix system houses -
you can't really blame ISC, ESIX, or any other vendor that currently has the
bug in its release. I think the blame should be placed on AT&T. They are the
ones who are (were) shipping the base source with the bug. Most AT&T UNIX
vendors typically only concentrate on adding more options to the system
(i.e. X-Windows, more controller card support, networking). They usually
don't look into rat mazes like memory management. Now, look at it from the
vendor's eyes - you'd be expecting AT&T to ship a somewhat "secure" (if
you can call it that) product, without serious holes like this one. Logical
conclusion - concentrate on value and price. But after this, I guess not.
There's only so much a systems house can concentrate on, and some of them
are poorly understaffed.

ON THE OTHER HAND, since you are buying a product from the vendors, you'd
*EXPECT THEM* to sell you a stable product. Kind of like selling you a
new car, then having it go out of control because your kid decided to
change the radio station.

Face it folks, all versions of Unix for the PC have problems of some kind.
(Just a matter of what size the explosion will be when it goes off in your
face) It ain't no Ginsu knife offer - ("It dices, it slices, it's a
multitasking OS and a teeth cleaner! And if you order now you'll receive....")


-- 
----------------------------------
Michael Burg -  Unisys/Convergent Corp.  Unix Intel Platforms Division San Jose
Phone: (408) 456-5934 UUCP: uunet!pyramid!ctnews!unix386.Convergent.com!mburg


