[eunet.bugs.4bsd] FIX from UC Berkeley

zhang@zgdvda.UUCP (Ning Zhang) (12/23/88)

Hi UNIX Folks,

I just got a patch from Berkeley and it looks like this:

> Subject: security problem in ?.
> Index: ? 4.3BSD
> Description:
> 	There's a security problem associated with the ? in all known
> 	Berkeley systems.  This problem is also in most Berkeley derived
> 	systems, see your vendor for more information.
> Fix:
> 	Apply the following patch to the file ? and ? it.
> ......

I am very afraid that if some crackers have seen the patch, they can
break down any 4.3bsd UNIX system.

Nowadays, computers have become very important in our daily life. And
the security problem has become more of a concern. But when I saw that I
became a super-user in a very easy way, I couldn't trust my eyes, and
also UNIX. Such a big hole has existed in the 4.3bsd system for at least 5
years! We all know the importance of security; however, there
was not any security in the 4.3bsd UNIX system. The weakness of UNIX has
shown again. If a cracker, or a worm or a virus knew the hole, it
would be ... unbelievable! But we UNIX folks are lucky: I am not a
cracker, or RTM, Jr. And I had it reported to Berkeley. UNIX society
will become safe again very soon. But I don't think we will be safe
forever after the hole is plugged. What's the real solution to the
security problem in computer systems? At least, in my mind, the
bug-report and bug-fix cycle is not a good way to solve the security
problem. Of course, we should think about the complexity of computer
systems, but I think that is another problem. It is worse that we
always make the same error in different places, at different times!
And most experienced programmers and experts also do it, just as
Gene Spafford said in his worm report. We all should consider this
security problem carefully and seriously.

The above is my opinion only. I think I have an alliance.

 _______  -^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-
/____  /  Ning Zhang                           (zhang@zgdvda.uucp)
 ___/ /   Zentrum fuer Graphische Datenverarbeitung e.V.    (ZGDV)
/__  /    Wilhelminenstrasse 7, D-6100 Darmstadt, F. R. of Germany
  / /____ Phone: +49/6151/1000-67             Telex: 4197367 agd d
 /______/ -v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-v-
P.S.: I have been a part-time system manager for 5 years in China.
P.S.: But now I am working on Computer Graphics   (It's my major).
P.S.: If you give me a chance, I will do the number one for you :-)