[TUHS] Old Unix vulnerabilities

Random832 random832 at fastmail.com
Sun May 14 15:52:30 AEST 2017


On Sat, May 13, 2017, at 19:34, Dave Horsfall wrote:
> OK, I'll kick it off.
> 
> A beauty in V6 (and possibly V7) was discovered by the kiddies in Elec 
> Eng; by sending a signal with an appropriately-crafted negative value (as 
> determined from inspecting <user.h>) you could overwrite u.u_uid with 
> zero...  Needless to say I scrambled to fix that one on my 11/40 network!

V7 fixes it by changing the if(sig >= NSIG) in psignal to cast it to
unsigned. Kill still doesn't validate its parameter until SysIII and
4BSD. PWB1 does not have the fix.


More information about the TUHS mailing list