wjw@eba.eb.ele.tue.nl (Willem Jan Withagen) (09/02/90)
Archive-name: apollo-patches/23-Aug-90
Original-posting-by: wjw@eba.eb.ele.tue.nl (Willem Jan Withagen)
Original-subject: Re: Security hole in 10.2
Archive-site: eba.eb.ele.tue.nl [131.155.2.25]
Archive-directory: /pub/apollo
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

In article <9008221551.AA02021@apo.esiee.fr> bonnetf@apo.esiee.fr (bonnet-franck) writes:
>I've heard about a BIG security hole in 10.2 !!

Yup there is. It takes a few hours to find it, but it's there.
                             ^^^^ or days if you know little of Apollos
>
>We have some machines running 10.2 and a lot running 10.1.
>Could someone tell me more about that new security problem ?

Well that's a problem:
Even my local Dutch sales rep does not want to give me all the nice and juicy
details. He says that they are not allowed to do so??????? (And maybe we're not
supposed to know.)
As far as I can tell, the bug is not going to be fixed, since all sorts of
programs need to be fixed also. The claim is that OS10.3 is going to solve
everything!

You should at least get a replacement for 'tar' and remove the /etc/suid_exec
program from all stations.

>
>I agree with one who said that OBSCURITY IS NOT SECURITY
> ( === O.I.N.S === , nice isn't it ? )
>
>I've NEVER received a list of security patches and what are
>they supposed to correct !!!
>

You could retrieve a patch-list with anon-ftp from
    eba.eb.ele.tue.nl in /pub/apollo
I try to take care that there is no info on security in this list, so that's of
little use for this one specifically. But what there is boils down to the above.

Have you already signed up for the open letter?

Regards,
Willem Jan Withagen.

Eindhoven University of Technology      DomainName: wjw@eb.ele.tue.nl
Digital Systems Group, Room EH 10.10    BITNET: ELEBWJ@HEITUE5.BITNET
P.O. 513                                Tel: +31-40-473401
5600 MB Eindhoven
The Netherlands