eps@noe.UUCP (Eric P. Scott) (01/30/89)
We managed to install 3.0e.1U on the third attempt five days ago. Here are my "Top 3" bugs identified so far: 3. mailx: missing setgid(getgid()) before execing EDITOR. => Users get rw access to /usr/mail/* 2. passwd: missing ulimit call. => ulimit 0;passwd nukes /etc/passwd 1. shl: crashes system (kernel panic 0xE) when executed from /dev/ttyM0[01]. I'd appreciate independent verification (also on other SysV). Complaints to the vendors, followups to the newsgroup. -=EPS=-
karl@sugar.uu.net (Karl Lehenbauer) (01/31/89)
In article <578@noe.UUCP>, eps@noe.UUCP (Eric P. Scott) writes: > 2. passwd: missing ulimit call. > => ulimit 0;passwd nukes /etc/passwd > I'd appreciate independent verification (also on other SysV). > Complaints to the vendors, followups to the newsgroup. It nukes it on Bell Tech System V/386 3.0... mailx does the setuid(getuid()), though... -- -- uunet!sugar!karl | "We've been following your progress with considerable -- karl@sugar.uu.net | interest, not to say contempt." -- Zaphod Beeblebrox IV -- Usenet BBS (713) 438-5018
wtr@moss.ATT.COM (02/01/89)
In article <3372@sugar.uu.net> karl@sugar.uu.net (Karl Lehenbauer) writes: >In article <578@noe.UUCP>, eps@noe.UUCP (Eric P. Scott) writes: >> 2. passwd: missing ulimit call. >> => ulimit 0;passwd nukes /etc/passwd > >> I'd appreciate independent verification (also on other SysV). >> Complaints to the vendors, followups to the newsgroup. > >It nukes it on Bell Tech System V/386 3.0... >mailx does the setuid(getuid()), though... on my unix-pc (a.k.a. the AT&T 7300) it attempts to create a temoporary passwd file, and bomb out withan error indicating this. the /etc/passwd file is unaffected. note: the unix-pc runs Sys5 rel1 with most of the rel2 stuff. hmm... i don't have mailx set-group-id'd to mail. it's just "rwxr-xr-x". i haven't noticed any problems with this. oh well,... ===================================================================== Bill Rankin Bell Labs, Whippany NJ (201) 386-4154 (cornet 232) email address: ...!att!moss!wtr
gk@kksys.mn.org (Greg Kemnitz) (02/02/89)
In article <578@noe.UUCP> epsilon@wet.UUCP (Eric P. Scott) writes: >We managed to install 3.0e.1U on the third attempt five days ago. >Here are my "Top 3" bugs identified so far: > >3. mailx: missing setgid(getgid()) before execing EDITOR. => Users get > rw access to /usr/mail/* >2. passwd: missing ulimit call. => ulimit 0;passwd nukes /etc/passwd >1. shl: crashes system (kernel panic 0xE) when executed from /dev/ttyM0[01]. > >I'd appreciate independent verification (also on other SysV). >Complaints to the vendors, followups to the newsgroup. I tested the mailx and passwd bugs on Interactive 386/ix 1.0.6. Both exist in the code we are running. I did not try to reproduce the shl problem, since I was informed by a support rep at Interactive that they are already aware of shl problems. The support person at Interactive tested for the mailx bug on a 386/ix system running their just-released 2.0 code. He reports that it is fixed on that release. As to the passwd bug on 2.0, lets just say that as our conversation closed, he was preparing to bring up the test system from floppy to restore the /etc/shadow file (which is where the passwords are stored in the release he was testing on).... It seems he was having a wee bit of a problem logging on to root, or su-ing.... Needless to say, I'm sure the problem will be reported back to the development folks. -- Greg Kemnitz / K and K Systems / PO Box 41804 / Plymouth, MN 55441-0804 Domain: gk@kksys.mn.org / UUCP: ...!rutgers!bungia!kksys!gk Voice: (612)475-1527 / Fax: (612)475-1979