From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HTML_MESSAGE,MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 12105 invoked from network); 22 Jul 2023 15:25:21 -0000 Received: from minnie.tuhs.org (50.116.15.146) by inbox.vuxu.org with ESMTPUTF8; 22 Jul 2023 15:25:21 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id A92AF42A3F; Sun, 23 Jul 2023 01:25:16 +1000 (AEST) Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by minnie.tuhs.org (Postfix) with ESMTPS id D378A42A33 for ; Sun, 23 Jul 2023 01:25:07 +1000 (AEST) Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-5217ad95029so3707780a12.2 for ; Sat, 22 Jul 2023 08:25:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20221208.gappssmtp.com; s=20221208; t=1690039506; x=1690644306; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=LEPTRRvdy0A/Q7gIgh7i/l0rLFFZ/239uIksmLsJw/E=; b=Mp1zTdtKr4pog4rsQZcP2VVIVGAImJGDTNfRMym4I1Au6HUGCNKSV50HYyBIk02Rgs 7rxIoUX95ygk8/BIJLLEdidU2XY2Dr+kj3cKqd4W40fwe3dDHPp8Qql2/PKshWfucQhF 7Y+7O7GtTP0QyPgrfzz2YgVJGufignrR+I1TFhfdo1B5YRyiLgooDojK1g6wDX+8I5I/ 3pWZsUn5paSphI9jPfudmn68Qgu5q/3LwllM/Uj7FGey3boNBUQrcwtiZmHw6R/hKBOz fLB7drQVKW5ajcDMDbNtsqGOApyYWuwRGswrGFkM8VDLWWsyrbGOwG/oks7qcQmc72Gv NrPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690039506; x=1690644306; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LEPTRRvdy0A/Q7gIgh7i/l0rLFFZ/239uIksmLsJw/E=; b=AToZz1MlGjOpxjunQsE3Z0tIrbRROY67pmvzBYeE6bJRvcYfzEPCMM1CqeFeZiJdHE kwzv9o5kjHnbihhjbvYPX0tNdG1U2WcrRSkiiYUAcDxTZQXFFbthDx/xpmrVoQipmJCA RiroNqmPnWKececJKJSZWEffhzPwTtKXlIxb7v4FgZwU13Ph5wKCXda+hTOyp8ehBF7L 0HAWCEWyorUqG8H0QPbhyibiDDg4Aee77ZRE1wftTbGR13oECvgVEtwpIv1ZS4lD/gmy HlA0tK94JnCnP7tpBJkdeIskLGqKau/ITwnmPAVHYkIsPKaAc5AjAfsUTklrBY14QocQ xhIA== X-Gm-Message-State: ABy/qLbrZinC5w6A6uvAt4WzFQ0raxbQoh+KBzofaxFMDqqel/aH+oYN EAXqRs/vCSE2Egt7mk1G+31vrMsVG1tXaMDYhFQwzw== X-Google-Smtp-Source: APBJJlHj6lpItEK7I2/fZ87LfnBf2/OZoCD8iHo6uEuNC6B4E11l5yraFV1Z/bqVe4ZxWoJec0QDNFqPiYoBwh03TeU= X-Received: by 2002:a05:6402:1a49:b0:521:d75d:3c00 with SMTP id bf9-20020a0564021a4900b00521d75d3c00mr4090598edb.38.1690039505641; Sat, 22 Jul 2023 08:25:05 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Warner Losh Date: Sat, 22 Jul 2023 09:24:55 -0600 Message-ID: To: Rich Salz Content-Type: multipart/alternative; boundary="00000000000063f4b7060114fc8a" Message-ID-Hash: 46S76MYSTBBHNHT5Q4ZWTEIITIRMXGAE X-Message-ID-Hash: 46S76MYSTBBHNHT5Q4ZWTEIITIRMXGAE X-MailFrom: wlosh@bsdimp.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: The Eunuchs Hysterical Society X-Mailman-Version: 3.3.6b1 Precedence: list Subject: [TUHS] Re: Cool talk on Unix and Sendmail history, by Eric Allman List-Id: The Unix Heritage Society mailing list Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --00000000000063f4b7060114fc8a Content-Type: text/plain; charset="UTF-8" On Sat, Jul 22, 2023, 8:54 AM Rich Salz wrote: > He says he wraps everything he uses in the standard library; "this tends > to make my code idiosyncratic." At some Usenix, someone once summed it up > to me as "It is the most beautiful code that is completely unmodifiable." > Seemed appropriate. (Compare to procmail, where the quote was "seen the > source? Gaah, my eyes are melting.") > Back in the 80s I looked at sendmail.. lots of things like strcpy written inline. It was a mess in some ways, but ran more slowly if you cleaned all that stuff up. It was decently well done, but had also clearly grown well beyond its original framing... The thing is... you don't need wrappers for standard calls. You just need portable implementations of them for the times they are missing or broken. I enjoyed watching this, thanks. I agree with the other comment "what, > nothing about security?" Sendmail did enable the first Internet worm :) > Some of that was the times: almost nothing cared about security in a world full of active attackers... having already forgotten the lessons of the early v5 deployments exposing unix to lots of bored college students that needed to do something and quickly found holes in unix's protections.. though known at the time, the stack smash wasn't believed generally to be a severe threat. Even after the eorm, it was 10 years later openbsd started its wide spread effort to fix them... Gets() was the real problem that leD to the worm. The insecurity was baked into the APIs until the 90s... and many insecure APIs weren't removed until the last decade. Warner > --00000000000063f4b7060114fc8a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Sat, Jul 22, 2023, 8:54 AM Rich Salz <rich.salz@gmail.com> wrote:
He says= he wraps everything he uses in the standard library; "this tends to m= ake my code idiosyncratic."=C2=A0 At some Usenix, someone once summed = it up to me as "It is the most beautiful code that is completely unmod= ifiable."=C2=A0 Seemed appropriate.=C2=A0 (Compare to procmail, where = the quote was "seen the source? Gaah, my eyes are melting.")

Back in the 80s I looked at sendmail.. lots of things like strcpy= written inline. It was a mess in some ways, but ran more slowly if you cle= aned all that stuff up. It was decently well done, but had also clearly gro= wn well beyond its original framing...

The thing is... you don't need wrappers for standard cal= ls. You just need portable implementations of them for the times they are m= issing or broken.

I enjoyed watching this, thanks. I agree with the other com= ment "what, nothing about security?" Sendmail did enable the firs= t Internet worm :)

Some of that was the times: almost nothing = cared about security in a world full of active attackers... having already = forgotten the lessons of the early v5 deployments exposing unix to lots of = bored college students that needed to do something and quickly found holes = in unix's protections.. though known at the time, the stack smash wasn&= #39;t believed generally to be a severe threat. Even after the eorm, it was= 10 years later openbsd started its wide spread effort to fix them...
=

Gets() was the real problem t= hat leD to the worm. The insecurity was baked into the APIs until the 90s..= . and many insecure APIs weren't removed until the last decade.

Warner=C2=A0
--00000000000063f4b7060114fc8a--