<div dir="ltr">I wonder what Reeds meant. I know there are issues. For example, the 3B2 I administered for a while in the late 80s had multiple accounts with rsh, the restricted shell, as the login shell. That was okay, unless you used su and then had access to a root shell.<div><br></div><div>HP/UX was way worse, with over 120 SUID shell scripts in the 90s. A much more interesting example of insecurity. But somehow, I'm guessing that's not what Reeds wrote about.</div><div><br></div><div>Rik</div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, Jan 1, 2025 at 8:02 AM Douglas McIlroy <<a href="mailto:douglas.mcilroy@dartmouth.edu">douglas.mcilroy@dartmouth.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I have it and will try to scan it in the next few days. Bug me if it<br>
doesn't appear.<br>
<br>
Doug<br>
<br>
On Tue, Dec 31, 2024 at 11:37 AM Chet Ramey <<a href="mailto:chet.ramey@case.edu" target="_blank">chet.ramey@case.edu</a>> wrote:<br>
><br>
> On 12/29/24 8:44 AM, Douglas McIlroy wrote:<br>
> > I can supply a copy if no one else has beaten me to it.<br>
> ><br>
> > Ron Hardin subsequently pushed the limit even further. Unfortunately,<br>
> > I do not have a record of that work.<br>
><br>
> Along these same lines, does anyone on the list have a copy of<br>
><br>
> "J. A. Reeds, /bin/sh: The biggest UNIX security Loophole,<br>
> 11217-840302-04TM, AT&T Bell Laboratories, Murray Hill, NJ (1984)"?<br>
><br>
> Years ago, in another lifetime, I wrote and asked him for a copy, but<br>
> never got a reply.<br>
><br>
> --<br>
> ``The lyf so short, the craft so long to lerne.'' - Chaucer<br>
> ``Ars longa, vita brevis'' - Hippocrates<br>
> Chet Ramey, UTech, CWRU <a href="mailto:chet@case.edu" target="_blank">chet@case.edu</a> <a href="http://tiswww.cwru.edu/~chet/" rel="noreferrer" target="_blank">http://tiswww.cwru.edu/~chet/</a><br>
</blockquote></div>