SECURITY BUG IN INTERACTIVE UNIX AND ESIX

Chip Salzenberg chip at tct.uucp
Sun Feb 24 06:48:28 AEST 1991


According to cpcahil at virtech.uucp (Conor P. Cahill):
>If the guy had first just posted a message about the problem (and included
>a binary for those who might not believe him) and then waited to see what
>the result was,  he *might* have got the result he desired without putting
>EVERY system that gets this newsgroup at risk.

FALLACY ALERT -- DANGER WILL ROBINSON.

Every ISC and Everex system that gets this newsgroup, and all the ones
that don't get it, were *already* at risk.  And given ISC's and
Everex's response to previous bug reports -- i.e. ignore them or paper
them over with a semi-fix that only works if you have an FPU -- I see
no reason to have expected that a simple "Hey, there's a bug" posting
would have resulted in a better situation than what we have now.

Lest you think that the posting didn't give ISC and Everex time to fix
the bug, realize that it was known in some circles at least since the
first release of ESIX.  Allow me to quote a person who shall, for
reasons of company affiliation, remain anonymous:

>At the first UniForum in which Everex showed off their 3.2 product, a rather
>tall individual by the name of Brian Chapman walked up to one of the techies
>manning the booth (all of the people were engineers, it seems), asked if he
>could use a machine with a compiler, and proceeded to write a program that
>[demonstrated the upage bug].
>
>A lower-level techie watched him while he did this; after seeing it run, the
>lower-level techie went and got a higher-level techie, who looked under Mr.
>Chapman's shoulder (Mr. Chapman being 6'10" tall) in astonishment.
>
>Shortly thereafter, I have been told that a Mr. Steph Marr went over to the
>ISC booth, with similar results.

ISC and Everex have had enough time to fix the bug.  What they lacked
was motivation.  Posting demonstration source code provided the
motivation, and I for one am thankful.
-- 
Chip Salzenberg at Teltronics/TCT      <chip at tct.uucp>, <uunet!pdn!tct!chip>
"It's not a security hole, it's a SECURITY ABYSS." -- Christoph Splittgerber
   (with reference to the upage bug in Interactive UNIX and Everex ESIX)


