Bugtraq mailing list archives
Re: UnixWare
From: casper () fwi uva nl (Casper Dik)
Date: Wed, 27 Apr 94 19:35:43 +0200
On Apr 27, 10:49am, Perry E. Metzger wrote:
Subject: Re: UnixWare
Name a couple for us then. I personally have seen only one security hole in a kernel in the past several years -- the division bug under older SunOS. Virtually every alert is related to a program that's setuid root, or that is needlessly running with root privileges (like sendmail).
A number of SunOS ones: divide by zero, imul, idiv emulation (two separate bugs), PTRACE_ATTACH (in SunOS 4.0.x). There was some bug in early Solaris versions in window underflow/overflow traps too (unconfirmed). There are also ones reported in V6 or V7 unix. The BSD pty subsystem also is too permissive and allows snooping on other pty's, which could lead to the discovery of passwords and unauthorized access.
I've not got a copy of UNIX ware around, but I bet that it's still got the mmap/copy-on-write hole in it. Easy to reproduce, with a 64KB file and mmap should return a permission denied, but it still lets you get access.
I wouldn't be too sure: this bug was discovered a long time ago and seems to only have hit the SVR4 for Intel market.
NOTE I'VE NOT GOT A COPY of UNIXware available, but that bug was discovered in all SVR4's about the same time that UNIXWare was starting to ship...
The bug was discovered much earlier. I believe ICL had already fixed it in their SPARC reference port and it wasn't in Solaris 2.1 for the x86 either (about two years old). Although vendors distribute fixes, it seems to take a long time before the patch gets incorporated in their main release (it supposedly is still in ESIX 4.0.4, while fixes were made available for 4.0.2 and 4.0.3).
Casper