security bug in ISC sysv386. here's a quick fix.
Paul Guthrie
pdg at chinet.chi.il.us
Sun Feb 17 11:11:57 AEST 1991
Posting the source code and binary was very irresponsible. Some of
us were working through ISC's support channels to get this fixed
(and had been promised results). Yes, it is obvious from the
release notes, but giving the means to every two-bit news reading
moron is not the right thing to do.
One thing to keep in mind is that if your console is accessible, and
you have the kernel debugger active, anyone on the console can
(among other nasty attacks) reset the protection variables
and get in as root.
--
Paul Guthrie
chinet!nsacray!paul or pdg at balr.com or attmail!balr!pdg
More information about the Comp.unix.sysv386
mailing list