Aazure.607 net.general,net.unix-wizards utcsrgv!utzoo!decvax!duke!chico!harpo!mhtsa!ihnss!cbosg!teklabs!tekmdp!azure!randals Sun Mar 7 17:10:34 1982 followup: WARNING: There is another system Many of the people that have responded to my first announcement of the break in UUCP that allows ANY command to be executed on ANY system running vanilla V7, 2BSD, or 4BSD system as the "uucp" user have asked me if this is the ampersand bug that John Levine mentioned on this net a while ago. (John's announcement must have happended while our world-connect site, "teklabs", was having disk problems.) To make this perfectly clear.... IT IS NOT the ampersand bug! If I had known about the ampersand bug, my task might have been a little simpler, but my method DOES NOT DEPEND ON THAT BUG. Fixing that bug DOES NOT ensure you of a secure system. To repeat my previous offer (for which to-date I have received 45 requests!!), I will send computer mail only to "root" of any system that requests the information. (I also simultaneously mail it to the original requestor, since many people have told me that they do not check root's mail that often.) My letter contains a description of the bug, my magic shell program that makes use of the bug, and a recommended fix. My uucp address is: ...!ucbvax!teklabs!tekmdp!randals or ...!decvax!teklabs!tekmdp!randals (many other systems also know about us... check your local maps) Randal L. Schwartz Tektronix Microcomputer Development Products Beaverton, Oregon P.S. If you have friends that are not on the net, but ARE running UUCP, (are there really any sites like that?) please tell them about this... it IS important that as MANY systems as possible get fixed. ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.

AltStyle によって変換されたページ (->オリジナル) /