[TUHS] Buffer overflow found/fixed in v4 tape ;)
Warren Toomey via TUHS
tuhs at tuhs.org
Wed Jan 14 10:32:45 AEST 2026
On Mon, Jan 05, 2026 at 11:13:58AM -0700, Luther Johnson via TUHS wrote:
> I think in the beginning it just wasn't considered that we had to protect
> against programs intentionally doing harm. Who would do that? But now we
> know.
Some people knew back then too :-)
https://www.tuhs.org/Archive/Documentation/AUUGN/AUUGN-V01.1.pdf
(Oct 1978) page 13 has several good stories including one of a buffer overflow:
Soon the "computniks" tired of "Cyber cracking" and turned their attention
to UNIX. A super-user accidentally left the source mounted "readable by
others" for about 30 minutes. In this time user file space soared (copies
of source in various disguises) and a bug was discovered in "login"
where password length was not checked properly and enabled a password
of specific length to be entered followed by its known encryption. It
took two days to clean up all the set-uid-root shells and spare
source AND ALL IN 30 MINUTES!!!!!
It's a good article to read from end to end.
Cheers, Warren
More information about the TUHS
mailing list