[TUHS] Cool talk on Unix and Sendmail history, by Eric Allman

Norman Wilson norman at oclsc.org
Mon Jul 31 04:22:55 AEST 2023

Doug McIlroy:

  This reminds me of how I agonized over Mike Lesk's refusal to remove
  remote execution from uucp.


Uux, the remote-execution mechanism I remember from uucp, had
rather better utility than the famous Sendmail back-door: it
was how uucp carried mail, by sending a file to be handed to
mailer on the remote system.  It was clearly dangerous if
the remote site accepted any command, but as shipped in V7
only a short list of remote commands was allowed: mail rmail
lpr opr fsend fget.  (As uucp was used to carry other things
like netnews, the list was later extended by individual sites,
and eventually moved to a file so reconfiguration needn't
recapitulate compilation).

Not the safest of mechanisms, but at least in V7 it had a use
other than Mike fixing your system for you.

Is there some additional history here?  e.g. was the list of
permitted commands added after arguments about safety, or
some magic command that let Mike in removed?  Or was there a
different remote-execution back door I don't remember and don't
see in a quick look at uuxqt.c?

Norman Wilson
Toronto ON

More information about the TUHS mailing list