greg@sdcsvax.UUCP (11/30/83)
We have recently found a security problem that exists in (at least) 4.2BSD and System V. It is not immediately obvious if system-wide security is compromised (and it may not be), but it does make the mutually-suspicious- subsystem paridigm crackable. In particular, it allows rogue 5.3 (which is well known to be very suspicious and private about a number of things) to be opened far enough so that we have broken its encryption scheme for save files. I do not wish to broadcast the particular technique since it seems that it must be cured at the kernel level -- you can't just do something as simple as shutting off /dev/kmem. Instead, I would ask that the people responsible for the maintenence of Unix kernels to get in touch with me via mail and I will describe the problem. I would particularly like to hear from people at Bell, Berkeley, and the other vendors so that they can send whatever fix is necessary to their own customers. (If the consensus is that it will not be a disaster for it to be widely known, I will describe it publicly at a later time.) Greg Noel, NCR Torrey Pines ...!ucbvax!sdcsvax!greg or Greg@NOSC
dan@scgvaxd.UUCP (Dan Boskovich) (01/30/85)
Testing, testing, testing!! This is a test!
chuqui@nsc.UUCP (Chuq Von Rospach) (02/01/85)
In article <257@scgvaxd.UUCP> dan@scgvaxd.UUCP (Dan Boskovich) writes: >Testing, testing, testing!! This is a test! It's obvious that someone has compromised the security of Dan's account-- look at him, he's TESTING us to see if we can track him down! chuq *smirk* -- From the ministry of silly talks: Chuq Von Rospach {allegra,cbosgd,hplabs,ihnp4,seismo}!nsc!chuqui nsc!chuqui@decwrl.ARPA Life, the Universe, and lots of other stuff is a trademark of AT&T Bell Labs