SECURITY BUG IN INTERACTIVE UNIX SYSV386

ryerson.schwark ry at cbnewsl.att.com
Sat Feb 16 02:35:19 AEST 1991


In article <6027 at unix386.Convergent.COM> mburg at unix386.Convergent.COM (Mike Burg) writes:
>From a view of a person who has work for various Unix system houses -
>you can't really blame ISC, ESIX, or any other vendors that current has the
>bug in it's release. I think the blame should be placed on AT&T. They are the
>ones who are (were) shipping the base source with the bug. Most AT&T UNIX
>vendors typically only concentrate on adding more options to the system
>(i.e. X-Windows, more controller card support, networking). They usually
>don't looking into rats mazes like memory managment. Now, look it from the
>vendors eye's - You'd be expecting for AT&T to ship a somewhat "secure" (if
>you can call it that) product, without serious holes like this one. Logical 
>conculsion - concentrate on value and price. But after this, I guess not.
>There's only so much a systems house can concentrate on, and some of them
>are poorly understaffed.


We did fix the bug in our update tape to 3.2.  We take these problems
very seriously.  Our support department has verified that the problem
doesn't occur on 3.2.1 systems or later, including Release 4.

Ry Schwark
AT&T UNIX System Laboratories



More information about the Comp.unix.sysv386 mailing list