At 05:45 PM 2/12/95, Christopher Klaus wrote: >> >> I'm sorry if this has been discussed before. >> >> There is a major security problem with auditing under solaris 2.3 >> and 2.4. If you run bsmconv to turn on auditing, any user can >> break root very very easily. I'ld say more but I'ld like to give >> sun at least a little bit of a chance to fix it first. >> >> I have access to the source code for the os and have tracked down >> the one line of bad code. How can I contact Sun to tell them the >> problem with this line of code????????????? > >Send email to info@iss.net with the following in the body of the message: > >send vendor for faq > >This will send you the FAQ for various vendors to get in touch with. > >You can also email Sun at security-alert@sun.com and I am sure Mark Graff >can help you. > >Chris > >-- Hey Chris, Is this going to be in our class as well? Also, has John gotten you the info about the net address ranges yet? ===================================================== / I am a peripheral visionary... \ | I can sort of see the future ok... | | It's just off to the side | |=======================================================| | NASA MOD AIS Security Engineering Team | | --==8==-- | | dagostin@killerbee.jsc.nasa.gov (713)-282-3717) | \_________________________________ FAX: (713)-282-4922 /