SECURITY BUG IN INTERACTIVE UNIX SYSV386

Chip Salzenberg chip at tct.uucp
Thu Feb 21 03:44:41 AEST 1991


According to pcg at cs.aber.ac.uk (Piercarlo Grandi):
>The first thing their attorney will have told them must have been
>"don't admit anything".

For minor bugs, the old "it's not a bug, it's a feature" spiel might
be a workable alternative.  But I would be flabbergasted if a member
of any U.S. bar association advised Interactive not to 'fess up about
the upage bug, unless said lawyer was misled as to the bug's nature.

>Technically and practically, all these vendors are just selling you
>defect free floppies. The usefulness of their contents are explicitly
>disclaimed in every possible way.

Fortunately, the warranty that asserts this "fact" is not the be-all
and end-all of vendor-customer obligations.
-- 
Chip Salzenberg at Teltronics/TCT      <chip at tct.uucp>, <uunet!pdn!tct!chip>
"It's not a security hole, it's a SECURITY ABYSS." -- Christoph Splittgerber
   (with reference to the upage bug in Interactive UNIX and Everex ESIX)



More information about the Comp.unix.sysv386 mailing list