Don't fix that security hole - sue the finder instead (fwd)
John Chambers
jc at trillian.mit.edu
Wed Jul 31 11:13:10 EDT 2002
What would be interesting would be to learn how many HP/Compaq/DEC
developers have been told about this in the past year. Was it buried
by management? Did someone develop a fix that wasn't distributed?
I can't imagine the techies in Nashua or Cambridge ignoring this. So
they must not have known about it. Any way we can get more info on
who knew what when?
Jerry Feldman writes:
| I found that interesting. My coworker is playing around with that exploiut
| now. Looking at it, it may be exploiting a hole in the chip's palcode,
| which can be easily fixed with a firmware upgrade. In any case, it should
| be fixable. More specifically, system calls are performed via a trap
| through the palcode.
| On 31 Jul 2002 at 9:33, David Kramer wrote:
| > HP had a security hole in their Tru64 UNIX. The fact was
| > apparently made public last year. Someone recently published
| > the info, along with sample C code that exploits the hole. HP
| > threatened them with DMCA prosecution and with a lawsuit.
| >
| > http://news.com.com/2100-1023-947325.html?tag=fd_lede
More information about the Discuss
mailing list