SECURITY BUG IN INTERACTIVE UNIX SYSV386

Garry M. Paxinos pax at megasys.com
Fri Feb 15 22:41:34 AEST 1991


In article <27b9fc7e.3f86 at petunia.CalPoly.EDU> aschaffe at polyslo.CalPoly.EDU (JedHead) writes:

   Huge kudos going out to the person who alerted the net to the Security
   Hole.. I, too, had some reservations at first about the propriety of
   releasing that information "to the world", but quickly realized that it
   was a sure-fire way to get a reaction from the vendors...

Agreed!!  My hat's off to Joern!

   A 3-day cycle from the "Hey, ISC!" message to an announcement of a free
   bug fix is something to be impressed with..

But I do not agree on this...  considering the original poster apparently 
spent 6 months trying to get ISC to do something about this...

For reference, here is the statement in the ISC 2.2 release notes on page
10:

' * A new tunable parameter has been added to prevent users from
    writing to the ublock of their own processes.  By setting the
    value of UAREAUS and UAREARW to 0 instead of the default,
    1, users can be prevented from changing their effective user
    identifications (UID).  Refer to the "INTERACTIVE UNIX
    Operating System Maintenance Procedures" for more information
    on setting tunable parameters  '

   Obviously they knew about it in 2.2, and proceeded to NOT do anything to
fix it when they released the 2.2.1 update.   If anything, I am impressed with
their sheer stupidity.   Gee, I'm really glad it only took them 3 days to
admit to a gaping security hole when it was printed in their 2.2 release
notes almost a year ago...

   We have systems in Nuclear Power Plants!   Besides not wanting the general
operations people to have root access, these systems also have modems!  Need
I say more?!

    pax.

--
E-Mail:pax at megasys.com    pax at ankh.ftl.fl.us    gmp at pinet.aip.org
USNail:Megasystems, Inc.    2055 South Congress Ave,  Delray Beach,  FL  33445
UUCP  :{gatech!uflorida!novavax!ankh,   mthvax,  shark,   attmail}!megasys!pax
Voice :407-243-2405   Data: 407-243-2407  Fax: 407-243-2408   Telex: 156281499
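The release notes quoted above say the fix is to set UAREAUS and UAREARW to 0 instead of their default of 1. The script below is an added example, not part of the original post or of ISC's own tooling: it reads the tunables from an stune-style "NAME value" file and reports whether the u-area is locked, treating a parameter that is absent from the file as left at the documented default of 1. The file format, the path /etc/conf/cf.d/stune and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify that the ISC 2.2 tunables UAREAUS and UAREARW are
# both 0. Assumptions: tunables live in an SVR3-style file of "NAME value"
# lines (e.g. /etc/conf/cf.d/stune); a missing entry means the documented
# default of 1, i.e. users may still write their own u-area.

# tunable_value FILE NAME  -> prints the value of NAME, or 1 if absent
tunable_value() {
    awk -v n="$2" '
        $1 == n { print $2; found = 1; exit }   # first matching line wins
        END     { if (!found) print 1 }         # absent: documented default
    ' "$1"
}

# uarea_locked FILE  -> exit status 0 when both tunables are 0, else 1
uarea_locked() {
    us=$(tunable_value "$1" UAREAUS)
    rw=$(tunable_value "$1" UAREARW)
    [ "$us" = 0 ] && [ "$rw" = 0 ]
}

# report FILE  -> human-readable verdict for an administrator
report() {
    if uarea_locked "$1"; then
        echo "$1: OK, UAREAUS=0 and UAREARW=0"
    else
        echo "$1: WARNING, users can still write their u-area" \
             "(UAREAUS=$(tunable_value "$1" UAREAUS)," \
             "UAREARW=$(tunable_value "$1" UAREARW))"
    fi
}

# Constructed sample files standing in for the real stune file.
hardened=$(mktemp); printf 'UAREAUS 0\nUAREARW 0\nNPROC 100\n' > "$hardened"
partial=$(mktemp);  printf 'UAREAUS 0\nNPROC 100\n'            > "$partial"
stock=$(mktemp);    printf 'NPROC 100\n'                       > "$stock"

report "$hardened"   # OK
report "$partial"    # WARNING: UAREARW was never set, so it is still 1
report "$stock"      # WARNING: both tunables at the default of 1
```

Run it against the real tunable file on a system being checked; only a system where both values print as 0 is covered by the release-note fix.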