Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994
Neil Woods (neil@legless.demon.co.uk)
Thu, 1 Dec 1994 05:10:05 +0100 (GMT)
>
> > Change that in: "how quickly Sun came with not-working patches"
> > Note too that the patch that finally fixed the /var/spool/mail
> > race conditions appeared months after the last 8lgm advisory.
> >
>
>
> The Sun patch fixed some of the problems and made the race harder to win.
It didn't fix any problem I know of - it made it harder to append to files,
but easier to create files (in fact there was no race to create files).
Personally I'd consider this a step back.
> It
> also filled the particular hole that particular 8lgm script exposed. Better
> than a cryptic message from 8lgm saying "there is a bug in mail" and better
> than hearing nothing at all from CERT until Sun believes they have the bug
> fixed.
It stopped our original script from appending to files. The script
was supposed to be a sample exploitation, not the be-it-and-end-all
of the hole. You could patch cc so as to not compile mailrace.c with
similar success 8).
CERT were supplied with a script in May for the current mail advisory,
and I supplied it to several people at Sun in the autumn (fall) in
case CERT wasn't passing this on.
> And if it takes several iterations for Sun to do this, and they
> don't have whatever added pressure a widely-distributed exploit script adds,
> this might a year or more for systems to be vulnerable to those who know
> about this bug. And with every passing day the chance someone else will
> independently discover it increases...
>
Well we have provided src to fix this, so hopefully it won't take
another seven months.
Cheers,
Neil
--
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.
...like a badger with an afro throwing sparklers at the Pope...