From mboxrd@z Thu Jan 1 00:00:00 1970 From: jim@deitygraveyard.com (Jim Carpenter) Date: Sun, 26 Feb 2017 14:19:08 -0500 Subject: [TUHS] The size of EMACS, and what hides in kLOCs In-Reply-To: <22DFC2A3-0279-43FD-BBD6-9A1BF32E5E80@tfeb.org> References: <20170226124657.GB21079@yeono.kjorling.se> <20170226170543.GA21831@yeono.kjorling.se> <22DFC2A3-0279-43FD-BBD6-9A1BF32E5E80@tfeb.org> Message-ID: On Sun, Feb 26, 2017 at 1:23 PM, Tim Bradshaw wrote: > This was the movemail SUID bug, and it's indeed in the original although I'm not sure how much detail he goes into. Not much detail: """ In the way it was installed on our Unix computer, the Gnu-Emacs editor lets you forward a mail file from your own directory to anyone else in an unusual way. It doesn't check to see who's receiving it, or even whether they want the file. It just renames the file and changes its ownership label. You've just transferred ownership of the file from you to me. No problem to sent a file from your area to mine. But you'd better not be able to move a file into the protected systems area: only the system manager is allowed there. Stallman's software had better make sure this can't happen. Gnu didn't check. It let anyone move a file into protected systems space. The hacker knew this; we didn't. The hacker used Gnu to swap his special atrun file for the system's legitimate version. Five minutes later, the system hatched his egg, and he held the keys to my computer. """ Jim