BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Don't fix that security hole - sue the finder instead (fwd)

Subject: Don't fix that security hole - sue the finder instead (fwd)
From: gaf at blu.org (Jerry Feldman)
Date: Wed, 31 Jul 2002 10:14:51 -0400
In-reply-to: <Pine.LNX.4.44.0207310932530.18886-100000@kramer.thekramers.net>

I found that interesting. My coworker is playing around with that exploiut 
now. Looking at it, it may be exploiting a hole in the chip's palcode, 
which can be easily fixed with a firmware upgrade. In any case, it should 
be fixable. More specifically, system calls are performed via a trap 
through the palcode. 
On 31 Jul 2002 at 9:33, David Kramer wrote:
>   HP had a security hole in their Tru64 UNIX.  The fact was
> apparently made public last year.  Someone recently published
> the info, along with sample C code that exploits the hole.  HP
> threatened them with DMCA prosecution and with a lawsuit.
> 
> http://news.com.com/2100-1023-947325.html?tag=fd_lede

-- 
Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9

Follow-Ups:
- Don't fix that security hole - sue the finder instead (fwd)
  - From: jc at trillian.mit.edu (John Chambers)

References:
- Don't fix that security hole - sue the finder instead (fwd)
  - From: david at thekramers.net (David Kramer)

Prev by Date: Don't fix that security hole - sue the finder instead (fwd)
Next by Date: Don't fix that security hole - sue the finder instead (fwd)
Previous by thread: Don't fix that security hole - sue the finder instead (fwd)
Next by thread: Don't fix that security hole - sue the finder instead (fwd)
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org