On Fri, May 12, 2017 at 2:43 PM, Doug McIlroy <doug(a)cs.dartmouth.edu> wrote:
We all took the code back and promised to get
patches out ASAP and not
tell any one about it.
Fascinating. Chnages were installed frequently in the Unix lab, mostly
at night without fanfare. But an actual zero-day should have been big
enough news for me to have heard about. I'm pretty sure I didn't; Dennis
evidently kept his counsel.
I wonder if such a thing would have been treated the same way within Bell
Labs as outside?
Presumably you didn't have to worry about hordes of undergraduates picking
over your systems looking for ways to get root access. Or, indeed,
undergraduates doing anything on your systems, save for the occasional
intern or precocious child of an employee. For that matter, this raises a
question: what was the attitude towards root access within the labs? Was it
constrained to the anointed few or did a large-ish number of people have it?
Anyway, I could well imagine a scenario where Dennis comes back but thinks
fairly little of it and makes vague mention of a fairly serious bug but
gives it little more thought than any other fairly serious bug. It's
patched and folks go on with their lives, since it's much less likely to be
the source of irritation in a corporate search department than it would be
in, say, a university.
- Dan C.