[TUHS] Old Unix vulnerabilities
random832 at fastmail.com
Sun May 14 15:52:30 AEST 2017
On Sat, May 13, 2017, at 19:34, Dave Horsfall wrote:
> OK, I'll kick it off.
> A beauty in V6 (and possibly V7) was discovered by the kiddies in Elec
> Eng; by sending a signal with an appropriately-crafted negative value (as
> determined from inspecting <user.h>) you could overwrite u.u_uid with
> zero... Needless to say I scrambled to fix that one on my 11/40 network!
V7 fixes it by changing the if(sig >= NSIG) in psignal to cast it to
unsigned. Kill still doesn't validate its parameter until SysIII and
4BSD. PWB1 does not have the fix.
More information about the TUHS