a holiday gift from Robert "wormer" Morris
Steven M. Bellovin
smb at ulysses.homer.nj.att.com
Thu Nov 10 14:18:15 AEST 1988
> According to press reports, RM spent his summers working at AT&T
> on "Unix Communications Software Security". Anyone with a source
> license check to see if he slipped a trojan horse into uucico
> or uuxqt or something?
Morris wrote an entirely new version of uucp, one that a higher degree
of inherent security than any of its predecessors. It was in fact
installed as the production uucp on a number of research machines for
several years. Ultimately, it was supplanted by Honey DanBer uucp
because it wasn't hardened enough against real-world failures. At
Morris's request, I went over the code in great detail; there were
no holes visible -- and I repeat, I studied his code thoroughly.
In any event, to the best of my knowledge that version of uucp was
never released.
--Steve Bellovin
More information about the Comp.unix.wizards
mailing list