Insecure hardware (was Re: gets(3) nonsense)

Lawrence V. Cipriani lvc at cbnews.ATT.COM
Sun Nov 27 01:48:40 AEST 1988


In article <288 at ispi.UUCP> jbayer at ispi.UUCP (Jonathan Bayer) writes:
>gets is different in that the input is undefined.  If gets is used in a
>program in which data is piped to, and it is part of a secure system, and
>unsecured data can be piped to it, then it is possible to break it.

(Not picking on you Mr. Bayer!)

All the discussion I have seen so far about recent virus has focused on
software.  To what extent can hardware be at fault?  Was the one of the
reasons the two processor types were attacked because they would allow
code to be executed in data space?  Is this what happened?  Some other
machines will produce a core dump if you pull this.  What else can be done
in hardware to enhance the security of the UNIX(r) operating system?

	Larry Cipriani
--
UNIX was a trademark of Western Electric, Western Electric is a trademark
of AT&T, UNIX is a registered trademark of AT&T



More information about the Comp.unix.wizards mailing list