Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Don't fix that security hole - sue the finder instead (fwd)



What would be interesting would be to learn  how  many  HP/Compaq/DEC
developers have been told about this in the past year.  Was it buried
by management?  Did someone develop a fix that wasn't distributed?

I can't imagine the techies in Nashua or Cambridge ignoring this.  So
they  must  not have known about it.  Any way we can get more info on
who knew what when?

Jerry Feldman writes:
| I found that interesting. My coworker is playing around with that exploiut
| now. Looking at it, it may be exploiting a hole in the chip's palcode,
| which can be easily fixed with a firmware upgrade. In any case, it should
| be fixable. More specifically, system calls are performed via a trap
| through the palcode.
| On 31 Jul 2002 at 9:33, David Kramer wrote:
| >   HP had a security hole in their Tru64 UNIX.  The fact was
| > apparently made public last year.  Someone recently published
| > the info, along with sample C code that exploits the hole.  HP
| > threatened them with DMCA prosecution and with a lawsuit.
| >
| > http://news.com.com/2100-1023-947325.html?tag=fd_lede




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org