[net.bugs.4bsd] Potential Security Problem

greg@sdcsvax.UUCP (11/30/83)

We have recently found a security problem that exists in (at least) 4.2BSD
and System V.  It is not immediately obvious if system-wide security is
compromised (and it may not be), but it does make the mutually-suspicious-
subsystem paridigm crackable.  In particular, it allows rogue 5.3 (which is
well known to be very suspicious and private about a number of things) to be
opened far enough so that we have broken its encryption scheme for save files.

I do not wish to broadcast the particular technique since it seems that it
must be cured at the kernel level -- you can't just do something as simple
as shutting off /dev/kmem.  Instead, I would ask that the people responsible
for the maintenence of Unix kernels to get in touch with me via mail and I
will describe the problem.  I would particularly like to hear from people
at Bell, Berkeley, and the other vendors so that they can send whatever
fix is necessary to their own customers.  (If the consensus is that it will
not be a disaster for it to be widely known, I will describe it publicly
at a later time.)

Greg Noel, NCR Torrey Pines    ...!ucbvax!sdcsvax!greg  or  Greg@NOSC

dan@scgvaxd.UUCP (Dan Boskovich) (01/30/85)

Testing, testing, testing!! This is a test!

chuqui@nsc.UUCP (Chuq Von Rospach) (02/01/85)

In article <257@scgvaxd.UUCP> dan@scgvaxd.UUCP (Dan Boskovich) writes:
>Testing, testing, testing!! This is a test!

It's obvious that someone has compromised the security of Dan's account--
look at him, he's TESTING us to see if we can track him down!

chuq *smirk*
-- 
From the ministry of silly talks:               Chuq Von Rospach
{allegra,cbosgd,hplabs,ihnp4,seismo}!nsc!chuqui nsc!chuqui@decwrl.ARPA

Life, the Universe, and lots of other stuff  is a trademark of AT&T Bell Labs