SECURITY BUG IN INTERACTIVE UNIX SYSV386
Thomas Hoberg
tmh at prosun.first.gmd.de
Wed Mar 6 15:40:02 AEST 1991
In article <SR4N5Z at dobag.in-berlin.de>, lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
|> john at jwt.UUCP (John Temples) writes:
|> >In article <KR3NBQQ at dobag.in-berlin.de> lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
|> >>it seems that your very cute interactive unix System has a nice bug !
|> >Yikes. This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
|> >*with* a coprocessor. It failed on Microport 2.2 with a coprocessor.
|>
|> It even works on 2.2 with a coprocessor ! You have to set the Kernel
|> Tuneable Parameters UAREAUS and UAREARW to 0 to protect you u-block !
|> If Esix dows have such parameters, please try them and report me the
|> experiences.
|> 2.02 is unprotectable ! a 2.2 System without a co-cpu is also unprotect-
|> able !
|>
|> >Now, the question is, what do we do to protect ourselves in the meantime?
|> That is the problem which made me think half a year before posting it !
|> The time until the bug-fix arrives will be short I hope, or Interactive
|> has a problem !
|>
|> jl
|>
|> --
|> lumpi at dobag.in-berlin.de -- "Nothing is the complete absence of everything."
--
Thanks God I got a 486 (and *TWO* coprocessors (387 and 4167).
'toete.c' does nice core dumps now...
Any more bugs like this? Does the emulator need access to the 387 save region
in the u_area? Why is this in there?
8-() tom
----
Thomas M. Hoberg | UUCP: tmh at bigfoot.first.gmd.de or tmh%gmdtub at tub.UUCP
c/o GMD Berlin | ...!unido!tub!gmdtub!tmh (Europe) or
D-1000 Berlin 12 | ...!unido!tub!tmh
Hardenbergplatz 2 | ...!pyramid!tub!tmh (World)
Germany | BITNET: tmh%DB0TUI6.BITNET at DB0TUI11 or
+49-30-254 99 160 | tmh at tub.BITNET
More information about the Comp.unix.sysv386
mailing list