[TUHS] Cool talk on Unix and Sendmail history, by Eric Allman
Rob Pike
robpike at gmail.com
Mon Jul 31 07:43:59 AEST 2023
There was also a feature Mike Lesk added that allowed a marked line,
something like
%! command
to cause the command to be executed when the recipient read the mail, for
example to demonstrate a feature of a program or teach the recipient
something. He meant well. Dennis had the closest he ever had to a
conniption, and it was taken out post haste. Meaning well is not enough.
-rob
On Mon, Jul 31, 2023 at 4:23 AM Norman Wilson <norman at oclsc.org> wrote:
> Doug McIlroy:
>
> This reminds me of how I agonized over Mike Lesk's refusal to remove
> remote execution from uucp.
>
> ====
>
> Uux, the remote-execution mechanism I remember from uucp, had
> rather better utility than the famous Sendmail back-door: it
> was how uucp carried mail, by sending a file to be handed to
> mailer on the remote system. It was clearly dangerous if
> the remote site accepted any command, but as shipped in V7
> only a short list of remote commands was allowed: mail rmail
> lpr opr fsend fget. (As uucp was used to carry other things
> like netnews, the list was later extended by individual sites,
> and eventually moved to a file so reconfiguration needn't
> recapitulate compilation).
>
> Not the safest of mechanisms, but at least in V7 it had a use
> other than Mike fixing your system for you.
>
> Is there some additional history here? e.g. was the list of
> permitted commands added after arguments about safety, or
> some magic command that let Mike in removed? Or was there a
> different remote-execution back door I don't remember and don't
> see in a quick look at uuxqt.c?
>
> Norman Wilson
> Toronto ON
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20230731/9b07d0a2/attachment.htm>
More information about the TUHS
mailing list