SECURITY BUG IN INTERACTIVE UNIX SYSV386

Chip Salzenberg chip at tct.uucp
Thu Feb 14 00:29:40 AEST 1991


According to jpp at specialix.co.uk (John Pettitt):
>We have confirmed that this does indeed work on ISC 2.2 and that SCO
>unix does `the right thing' (tm) and core dumps the application.

It is good to see that SCO's engineers, unlike those at ISC and
Everex, have an effective grasp on the basic principles of memory
protection covered in the first semester of OS design class.

Forgive me if I react, not by congratulating SCO, but by dropping my
jaw in mind-boggled astonishment that such a huge, gaping, obvious,
you-can-drive-a-truck-through-it security hole was ever released by
ISC or Everex in a beta, much less sold to customers in version after
version after version.

>Maybe we should be saying nice things about SCO's security stuff
>after all !

I'm sorry, but SCO C2 security is still a botch.
-- 
Chip Salzenberg at Teltronics/TCT     <chip at tct.uucp>, <uunet!pdn!tct!chip>
 "I want to mention that my opinions whether real or not are MY opinions."
             -- the inevitable William "Billy" Steinmetz



More information about the Comp.unix.sysv386 mailing list