SECURITY BUG IN INTERACTIVE UNIX SYSV386
Chip Salzenberg
chip at tct.uucp
Sun Feb 17 08:44:23 AEST 1991
According to mburg at unix386.Convergent.COM (Mike Burg):
>In article <27B93F44.5606 at tct.uucp>, chip at tct.uucp (Chip Salzenberg) writes:
>> It is good to see that SCO's engineers, unlike those at ISC and
>> Everex, have an effective grasp on the basic principles of memory
>> protection covered in the first semester of OS design class.
>
>From a view of a person who has work for various Unix system houses -
>you can't really blame ISC, ESIX, or any other vendors that current has
>the bug in it's release. I think the blame should be placed on AT&T.
There is plenty of blame to go around. AT&T, ISC and Everex all
deserve big, fat rasberries.
>ON THE OTHER HAND, since you are buying a product from the vendors, you'd
>*EXPECT THEM* to sell you a stable product.
Exactly.
I don't think ISC and Everex have any right to expect empathy (not
that they're asking for it). They took money, they delivered
*seriously* defective goods, and they didn't fix the defects until a
public outcry arose on the Usenet. Bleh.
>Face it folks, all versions of Unix for the PC have problems of some kind.
>(Just a matter of what size the explosion will be when it goes off in your
>face.)
I don't think it's the bug that's the real problem. It's the attitude
displayed by ISC and Everex when the bug was reported six months ago:
"Let's keep it quiet; maybe no one will find out!" Then a Usenet
article breaks through their veil of silence, and presto! free fixes
for everyone. Where were they six months ago?
--
Chip Salzenberg at Teltronics/TCT <chip at tct.uucp>, <uunet!pdn!tct!chip>
"I want to mention that my opinions whether real or not are MY opinions."
-- the inevitable William "Billy" Steinmetz
More information about the Comp.unix.sysv386
mailing list