There was also a feature Mike Lesk added that allowed a marked line,
something like
%! command
to cause the command to be executed when the recipient read the mail, for
example to demonstrate a feature of a program or teach the recipient
something. He meant well. Dennis had the closest he ever had to a
conniption, and it was taken out post haste. Meaning well is not enough.
-rob
On Mon, Jul 31, 2023 at 4:23 AM Norman Wilson <norman(a)oclsc.org> wrote:
Doug McIlroy:
This reminds me of how I agonized over Mike Lesk's refusal to remove
remote execution from uucp.
====
Uux, the remote-execution mechanism I remember from uucp, had
rather better utility than the famous Sendmail back-door: it
was how uucp carried mail, by sending a file to be handed to
mailer on the remote system. It was clearly dangerous if
the remote site accepted any command, but as shipped in V7
only a short list of remote commands was allowed: mail rmail
lpr opr fsend fget. (As uucp was used to carry other things
like netnews, the list was later extended by individual sites,
and eventually moved to a file so reconfiguration needn't
recapitulate compilation).
Not the safest of mechanisms, but at least in V7 it had a use
other than Mike fixing your system for you.
Is there some additional history here? e.g. was the list of
permitted commands added after arguments about safety, or
some magic command that let Mike in removed? Or was there a
different remote-execution back door I don't remember and don't
see in a quick look at uuxqt.c?
Norman Wilson
Toronto ON