[TUHS] The size of EMACS, and what hides in kLOCs
jim at deitygraveyard.com
Mon Feb 27 05:19:08 AEST 2017
On Sun, Feb 26, 2017 at 1:23 PM, Tim Bradshaw <tfb at tfeb.org> wrote:
> This was the movemail SUID bug, and it's indeed in the original although I'm not sure how much detail he goes into.
Not much detail:
In the way it was installed on our Unix computer, the Gnu-Emacs editor
lets you forward a mail file from your own directory to anyone else in an
unusual way. It doesn't check to see who's receiving it, or even whether they
want the file. It just renames the file and changes its ownership label. You've
just transferred ownership of the file from you to me.
No problem to sent a file from your area to mine. But you'd better not
be able to move a file into the protected systems area: only the system
manager is allowed there. Stallman's software had better make sure this can't
Gnu didn't check. It let anyone move a file into protected systems
space. The hacker knew this; we didn't.
The hacker used Gnu to swap his special atrun file for the system's
legitimate version. Five minutes later, the system hatched his egg, and he
held the keys to my computer.
More information about the TUHS