Path: news.mathworks.com!not-for-mail
From: "Jan Simon" <matlab.THIS_YEAR@nMINUSsimon.de>
Newsgroups: comp.soft-sys.matlab
Subject: Re: Undocumented Matlab vulnerability
Date: Tue, 7 Sep 2010 11:07:05 +0000 (UTC)
Organization: Universität Heidelberg
Lines: 24
Message-ID: <i656cp$8l1$1@fred.mathworks.com>
References: <hiaa7r$bo2$1@fred.mathworks.com> <hiac5o$f33$1@fred.mathworks.com> <hib40q$mnh$1@fred.mathworks.com> <hj7u8o$9fk$1@fred.mathworks.com>
Reply-To: "Jan Simon" <matlab.THIS_YEAR@nMINUSsimon.de>
NNTP-Posting-Host: webapp-05-blr.mathworks.com
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: fred.mathworks.com 1283857625 8865 172.30.248.35 (7 Sep 2010 11:07:05 GMT)
X-Complaints-To: news@mathworks.com
NNTP-Posting-Date: Tue, 7 Sep 2010 11:07:05 +0000 (UTC)
X-Newsreader: MATLAB Central Newsreader 869888
Xref: news.mathworks.com comp.soft-sys.matlab:668160

Dear Bobby,

> Here it is. Sorry for the delay.
>
> http://www.mathworks.com/support/bugreports/
> Bug report number 611546 
> ---Bob.

> > This kills 2008b and 2009a also.

I appreciate that this bug is fixed. Thanks!
As far as I understand, this serious bug is fixed in 2010b, while all earlier versions keep this vulnerability.

My computer administrator is absolutely *not* satisfied with the possibility of getting admin privileges by a batch-driven program. He suggests two solutions:
1. Run Matlab in a virtual machine without internet connection - unfortunately without intranet-connection also. 
2. Buy 10 licenses of 2010b and pay 3 workers for 3 months to perform a complete check of our test data set. If the results differ from tests with 2009a (and there have always been tiny differences), the programs need some modifications and a new verification test. I assume, when these tests are finished, 2011a is available with new fixed bugs and the paid money is not spent, but burnt.

I'd suggest the only valuable solution:
Please publish bugfixes for old Matlab versions also. If it is too costly for TMW to support a bunch of old versions, please pick *one* old version and offer a long-term support with fixes of serious bugs only.

Running Matlab in an environment with demands for reliability and security is getting nearly impossible if bugs are fixed for new versions only - because new versions *always* include new bugs!
Therefore I repeat it another time: A long term supported version of Matlab would be a great advantage.

Kind regards and thanks for listening, Jan