From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,HTML_MESSAGE,MAILING_LIST_MULTI, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 19580 invoked from network); 30 Jul 2023 21:44:29 -0000 Received: from minnie.tuhs.org (2600:3c01:e000:146::1) by inbox.vuxu.org with ESMTPUTF8; 30 Jul 2023 21:44:29 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id 2A9E7410E3; Mon, 31 Jul 2023 07:44:24 +1000 (AEST) Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) by minnie.tuhs.org (Postfix) with ESMTPS id ABD2F410E2 for ; Mon, 31 Jul 2023 07:44:11 +1000 (AEST) Received: by mail-qk1-x730.google.com with SMTP id af79cd13be357-768054797f7so356042085a.2 for ; Sun, 30 Jul 2023 14:44:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690753450; x=1691358250; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=qD4A/iNOTeBL2+iH6EZWD4mNBgWFJX9ojA3YhVTyAC8=; b=UnPbSl/6zMikD3WN37vS8lN881r332j94XivDGY1Hsb7jSYAoq0cbiCmhzjPIxl6wX jzGqrWc4HArSfBveuf+H7zmwUniJ8QKLQa1oAzCjt85Jdp6+7f0UxVhMrxeOqczTWCJ3 0PIDVNDwsWGXJKkQ4emrXBsAHKgSAU4VqeQgtXOOB4Yi9YHL8M3o1ruk3B2wjPor2c/e jiYGjSBsU7t24PGdD7QDVZR34iHesjvjugVQ7+llNFlCXFiF6zsW7Yb2zZO/s1xj/+Ia Qt6/TSe36MwOxr/ECqgyyv+ZkyUg6dzJ29IOFf0dyYjtWl0CC6mkIumN5YLyU3He6IcA SwXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690753450; x=1691358250; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qD4A/iNOTeBL2+iH6EZWD4mNBgWFJX9ojA3YhVTyAC8=; b=kxf/qhnJWtDglK655z9cQTSy9E2qAsJfq+2E5Lh2eCeG05lmuZeEDOgg+V8T6O81si 08C+5b3+yNqm4PESV7l0SwmtpL3+CAsyn7Ykle5oDKG20b62QcK9wcX2uP5fGTv9mcbG pMbhTURtZFXkZYqqt9EN7eEPMqtnD1CYPTe3UEKSF3SkZuIACh1G8LRdVp04jBiwZLgW 7iObEGisjI+qbfrAtviPA6j1dHFPQufiEhHyk07SwS4wxBniH/Nliqxx4LLB7RpBfo3h HuQXP+k5mkICNX+/yrFgbgaHq9bQx2RGnvtilD2/KXfqRwnFpCH+q0LNRPuiykeMys+x X2jg== X-Gm-Message-State: ABy/qLZrvqjiOne0aI9c+1hiV7mHwLNgsyxoAVsL/b/CXtm4Jv7Zyu3x YCmZieSI1bxObbSwF9JIyWs9thymzNeDpFVYKkg8C4CC X-Google-Smtp-Source: APBJJlGIjnpE6dQ4km9cHtC0zE73YdlGHVtDMoWAKdyVc1JxPZGlJPA61DRg2AfSj2/pzMjmjruYpNL/KJOQBymz43A= X-Received: by 2002:a05:620a:46a5:b0:768:1bb9:4363 with SMTP id bq37-20020a05620a46a500b007681bb94363mr11372568qkb.46.1690753450497; Sun, 30 Jul 2023 14:44:10 -0700 (PDT) MIME-Version: 1.0 References: <1B96127522E338B678C2F77EB615BFFF.for-standards-violators@oclsc.org> In-Reply-To: <1B96127522E338B678C2F77EB615BFFF.for-standards-violators@oclsc.org> From: Rob Pike Date: Mon, 31 Jul 2023 07:43:59 +1000 Message-ID: To: Norman Wilson Content-Type: multipart/alternative; boundary="000000000000d1daf40601bb36d6" Message-ID-Hash: 26QS7LRTSZ5GKO5GWUQZCLDHF6GFY4NF X-Message-ID-Hash: 26QS7LRTSZ5GKO5GWUQZCLDHF6GFY4NF X-MailFrom: robpike@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: tuhs@tuhs.org X-Mailman-Version: 3.3.6b1 Precedence: list Subject: [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman List-Id: The Unix Heritage Society mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --000000000000d1daf40601bb36d6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable There was also a feature Mike Lesk added that allowed a marked line, something like %! command to cause the command to be executed when the recipient read the mail, for example to demonstrate a feature of a program or teach the recipient something. He meant well. Dennis had the closest he ever had to a conniption, and it was taken out post haste. Meaning well is not enough. -rob On Mon, Jul 31, 2023 at 4:23=E2=80=AFAM Norman Wilson wr= ote: > Doug McIlroy: > > This reminds me of how I agonized over Mike Lesk's refusal to remove > remote execution from uucp. > > =3D=3D=3D=3D > > Uux, the remote-execution mechanism I remember from uucp, had > rather better utility than the famous Sendmail back-door: it > was how uucp carried mail, by sending a file to be handed to > mailer on the remote system. It was clearly dangerous if > the remote site accepted any command, but as shipped in V7 > only a short list of remote commands was allowed: mail rmail > lpr opr fsend fget. (As uucp was used to carry other things > like netnews, the list was later extended by individual sites, > and eventually moved to a file so reconfiguration needn't > recapitulate compilation). > > Not the safest of mechanisms, but at least in V7 it had a use > other than Mike fixing your system for you. > > Is there some additional history here? e.g. was the list of > permitted commands added after arguments about safety, or > some magic command that let Mike in removed? Or was there a > different remote-execution back door I don't remember and don't > see in a quick look at uuxqt.c? > > Norman Wilson > Toronto ON > --000000000000d1daf40601bb36d6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
There was also a feature Mike Lesk added that allowed a marked li= ne, something like

%! command

to cause the command to be executed when = the recipient read the mail, for example to demonstrate a feature of a prog= ram or teach the recipient something. He meant well. Dennis had the closest= he ever had to a conniption, and it was taken out post haste. Meaning well= is not enough.

-rob


On Mon, Jul 31, 2023 at 4:23=E2=80=AFAM Norma= n Wilson <norman@oclsc.org> w= rote:
Doug McIlr= oy:

=C2=A0 This reminds me of how I agonized over Mike Lesk's refusal to re= move
=C2=A0 remote execution from uucp.

=3D=3D=3D=3D

Uux, the remote-execution mechanism I remember from uucp, had
rather better utility than the famous Sendmail back-door: it
was how uucp carried mail, by sending a file to be handed to
mailer on the remote system.=C2=A0 It was clearly dangerous if
the remote site accepted any command, but as shipped in V7
only a short list of remote commands was allowed: mail rmail
lpr opr fsend fget.=C2=A0 (As uucp was used to carry other things
like netnews, the list was later extended by individual sites,
and eventually moved to a file so reconfiguration needn't
recapitulate compilation).

Not the safest of mechanisms, but at least in V7 it had a use
other than Mike fixing your system for you.

Is there some additional history here?=C2=A0 e.g. was the list of
permitted commands added after arguments about safety, or
some magic command that let Mike in removed?=C2=A0 Or was there a
different remote-execution back door I don't remember and don't
see in a quick look at uuxqt.c?

Norman Wilson
Toronto ON
--000000000000d1daf40601bb36d6--