Earl Boebert writes:
> From: Earl Boebert <boebert @
> Subject: Getting Root on Sidewinder
> To: firewalls @
> Date: Fri, 11 Nov 1994 16:04:11 -0600 (CST)
> Mike O'Connor <mjo @
> >Dear Firewall Fiends,
> >I haven't heard anything from the Sidewinder folks in a couple days,
> >so I figure the list is as good a place to post this as anywhere. The
> >Challenge specs are available via anonymous FTP from ftp.sctc.com, if
> >you're wondering what some of the specifics below are referring to.
> Sorry for the delay; I thought we had gotten back to you right away.
> >I find it somewhat disheartening that they didn't keep track of the
> >BSDI patches or the bsdi-users mailing list for security issues,
> >particularly when they want to use BSDI as the basis for a mission
> >critical security system. I'm still wondering why what they said
> >didn't appear to correspond with what was on the system when I probed.
> Rather than try to reply in generalities, I think it would be best if
> you told the list what you did and how far it got you. As we say in
> the description of the system, we don't regard unauthorized root
> access as that big a deal, because on Sidewinder it's really
> "rootlet:" root access limited to a specific domain. It doesn't let
Sounds like double talk. Since Mike was able to exploit a well-known
hole, I would NOT like to bet that there aren't more.
Tom Brink tom @
Technical Support Specialist
Technical Research Center
Information Services Group
Arizona Department of Transportation