Re: a holiday gift from Robert "wormer" Morris


Steven M. Bellovin (ulysses!smb@ucbvax.Berkeley.EDU)
10 Nov 88 04:18:15 GMT


> According to press reports, RM spent his summers working at AT&T
> on "Unix Communications Software Security". Anyone with a source
> license check to see if he slipped a trojan horse into uucico
> or uuxqt or something?

Morris wrote an entirely new version of uucp, one that a higher degree
of inherent security than any of its predecessors. It was in fact
installed as the production uucp on a number of research machines for
several years. Ultimately, it was supplanted by Honey DanBer uucp
because it wasn't hardened enough against real-world failures. At
Morris's request, I went over the code in great detail; there were
no holes visible -- and I repeat, I studied his code thoroughly.
In any event, to the best of my knowledge that version of uucp was
never released.

                --Steve Bellovin



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT