From: Rik Farrow
Date: Wed, 1 Jan 2025 11:11:13 -0700
To: Douglas McIlroy
CC: The Eunuchs Hysterical Society
Subject: [TUHS] Re: "Webster's Second on the Head of a Pin"?
List-Id: The Unix Heritage Society mailing list

I wonder what Reeds meant. I know there are issues. For example, the 3B2 I administered for a while in the late 80s had multiple accounts with rsh, the restricted shell, as the login shell. That was okay, unless you used su and then had access to a root shell.

HP/UX was way worse, with over 120 SUID shell scripts in the 90s. A much more interesting example of insecurity. But somehow, I'm guessing that's not what Reeds wrote about.

Rik

On Wed, Jan 1, 2025 at 8:02 AM Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:

> I have it and will try to scan it in the next few days. Bug me if it
> doesn't appear.
>
> Doug
>
> On Tue, Dec 31, 2024 at 11:37 AM Chet Ramey <chet.ramey@case.edu> wrote:
> >
> > On 12/29/24 8:44 AM, Douglas McIlroy wrote:
> > > I can supply a copy if no one else has beaten me to it.
> > >
> > > Ron Hardin subsequently pushed the limit even further. Unfortunately,
> > > I do not have a record of that work.
> >
> > Along these same lines, does anyone on the list have a copy of
> >
> > "J. A. Reeds, /bin/sh: The biggest UNIX security Loophole,
> > 11217-840302-04TM, AT&T Bell Laboratories, Murray Hill, NJ (1984)"?
> >
> > Years ago, in another lifetime, I wrote and asked him for a copy, but
> > never got a reply.
> >
> > --
> > ``The lyf so short, the craft so long to lerne.'' - Chaucer
> >          ``Ars longa, vita brevis'' - Hippocrates
> > Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/