Path: utzoo!attcan!uunet!mcvax!ukc!mucs!els!dente From: dente@els.uucp (Colin Dente) Newsgroups: comp.sys.apollo Subject: Re: security hole Message-ID: <6452@ux.cs.man.ac.uk> Date: 11 Aug 89 16:35:03 GMT References: <44e9d7d4.c4b0@apollo.HP.COM> Sender: news@ux.cs.man.ac.uk Reply-To: dente@els.ee.man.ac.uk (Colin Dente) Organization: University of Manchester, UK Lines: 34 In article <44e9d7d4.c4b0@apollo.HP.COM> dawson@apollo.HP.COM (Keith Dawson) writes: >In a recent posting Peter Lipp [plipp@tugiig.uucp] details a > > Possible Security Problem with DOMAIN-OS and the Display-Manager >[Gives patch numbers for 9.7 and 10.1] >These patches can be applied to /lib/streams on any version of SR9.7 >and SR10.1, including the versions that support Domain/X11. Please ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Well, I 'phoned my local support office, and they told me that the release notes for the 9.7 patch (they haven't got the 10.1 patch yet) state that it should *not* be applied if you are running Domain/X11. Naturally, I was a bit miffed at this - so I 'phoned Keith to see what he had to say. He seemed to think that the patch was, infact, more than one patch in one bundle, and if I applied just the /lib/streams part, I'd be okay. Anyway, I'm waiting for a floppy to land on my doormat with the patch on it, and when it does, I'll try it and let you know. Just thought I'd try to clear the confusion in the meantime. >We regret the broad dissemination of detailed instructions for exploiting >a security hole. So do I...... |-( Colin =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Colin Dente | JANET: dente@uk.ac.man.ee.els | | Dept. of Electrical Engineering | ARPA: dente@els.ee.man.ac.uk | | University of Manchester | UUCP: ...!mcvax!ukc!man.ee.els!dente | | England | These might work now, but then again... | |-----------------------------------------------------------------------------| =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=