[TUHS] Cool talk on Unix and Sendmail history, by Eric Allman

Warner Losh imp at bsdimp.com
Sun Jul 23 01:24:55 AEST 2023

On Sat, Jul 22, 2023, 8:54 AM Rich Salz <rich.salz at gmail.com> wrote:

> He says he wraps everything he uses in the standard library; "this tends
> to make my code idiosyncratic."  At some Usenix, someone once summed it up
> to me as "It is the most beautiful code that is completely unmodifiable."
> Seemed appropriate.  (Compare to procmail, where the quote was "seen the
> source? Gaah, my eyes are melting.")

Back in the 80s I looked at sendmail.. lots of things like strcpy written
inline. It was a mess in some ways, but ran more slowly if you cleaned all
that stuff up. It was decently well done, but had also clearly grown well
beyond its original framing...

The thing is... you don't need wrappers for standard calls. You just need
portable implementations of them for the times they are missing or broken.

I enjoyed watching this, thanks. I agree with the other comment "what,
> nothing about security?" Sendmail did enable the first Internet worm :)

Some of that was the times: almost nothing cared about security in a world
full of active attackers... having already forgotten the lessons of the
early v5 deployments exposing unix to lots of bored college students that
needed to do something and quickly found holes in unix's protections..
though known at the time, the stack smash wasn't believed generally to be a
severe threat. Even after the eorm, it was 10 years later openbsd started
its wide spread effort to fix them...

Gets() was the real problem that leD to the worm. The insecurity was baked
into the APIs until the 90s... and many insecure APIs weren't removed until
the last decade.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20230722/be5ff433/attachment.htm>

More information about the TUHS mailing list