SECURITY BUG IN INTERACTIVE UNIX SYSV386

[Ric Werme]

In article <7667 at crash.cts.com> jca at pnet01.cts.com (John C. Archambeau) writes:
>martys at mchale.ism.isc.com (Marty Stewart) writes:
>>	Under the AT&T licensing agreement, INTERACTIVE cannot post AT&T
>>code to a site where any user can pick it up.
>
>Now this is getting to be a bloody sick joke.  I find it a little bit
>difficult to believe that there just isn't a simple binary patch for os.o much
>along the same lines as the inode patch that has been floating around for
>ages.  Might I remind you that SCO provides their patches and fixes to the
>public via anonymous UUCP.

No, just a good reason for you to volunteer to help gnu finish their unix.
I find it difficult to believe that a could involve a single .o file.  I'd
be inclined to put the FP regs in a completely separate page, either a page
in the U area or a page pointed at by the U area and swapped separately.
Either change would change the offsets of all U area data that follows and
require recompiling all OS modules that use user.h.  There are a lot of them.

Yes, I'm aware of the hackery that could be done to eliminate the offset
screwup, but I'd still be impressed to see a patch to fix the problem that
doesn't disable proper features.

-- 

| A pride of lions              | Eric J Werme                   |
| A gaggle of geese             | uucp: mit-eddie!alliant!werme  |
| An odd lot of programmers     | Phone: 508-486-1214            |