SECURITY BUG IN INTERACTIVE UNIX SYSV386

Marty Stewart martys at mchale.ism.isc.com
Wed Feb 20 08:47:02 AEST 1991


	This is mail to address the suggestions that INTERACTIVE either post
the security hole fix to the net or put it on a ftp site where it can be
picked up by users.

	Under the AT&T licensing agreement, INTERACTIVE cannot post AT&T
code to a site where any user can pick it up.  We are under the obligation
to make sure only AT&T licensed users receive binaries that have portions of
AT&T code in them.  The fixes for the security hole are in os.o and as such,
the code cannot be put in a public area.  Another reason for not posting to
the net is that the os.o is quite large and will take up unnecessary band-
width at sites that do not need the INTERACTIVE fix.

	As an alternative to calling support, please send mail to
martys at ism.isc.com and I will see to it that users are sent a fix as soon as
support is given the fix.  I will need an address, the version of software
that you are running and your 2.0.2 or 2.2 serial number.  INTERACTIVE
apologizes for any inconveniences this may cause users.

Marty C. Stewart
Support Team Leader
INTERACTIVE Systems Corp.



More information about the Comp.unix.sysv386 mailing list