BTW: As I think more about it, I believe that it is probable that George
found it on the PDP-11 first (V7) not yet BSD 3.0/4.0 (altlhough I've
forgotten the date or which USENIX we had the meeting). I'm not sure why,
but I remember putting the fix into a multiple kernels due to specifics of
the different MMUs). Because of that, memory I'm going to date it as
probably 1981, because I would have had 3 different kernels to play with:
PDP-11, Vax and Glaser and I were writing Magix an OS for the Tek Magonlia,
a 68000 based workstation being build in Tek Labs.
But I'm sure if we go hunting through different people's records around
that time, changes to the profile kernel code for security will show up.
As I said, George originally found it and we all grabbed his fix... so I
would expect to see a lot of updated kernels with a similar changes around
the same time; but all put in by different people - but I fear, it was also
earlier enough that this was before SCCS was widely being used; so tracking
it can only be done by looking at distribution tapes from those times.
Clem
On Fri, May 12, 2017 at 3:43 PM, Clem Cole <clemc(a)ccc.com> wrote:
Could be. The scare was that the anti-UNIX folks
would get wind of it
and it would used in the fight as to why VMS was 'better.' The CS Research
community has not yet made the switch off the 36 bit world to Vaxen, so the
Arpanet community is still pretty much PDP-10 central; but it was also
right around the time when DARPA was defunding the PDP-10; had chosen the
VAX but was arguing VMS vs UNIX.
I don't thing CSRG had been funded as a group yet. Joy might have done his
'fast vax' paper to show that UNIX was just as good as VMS, but that work
might be on the horizon. Certainly all of 4.1a/b/c, 4.2, 4.3, NET-x was
years away.
The point is that you didn't (yet) have a mass of students on the systems
'in the field', but some folks had that as a vision (and want it to be that
way and are scared it something bad happens 'in the press' - it would cause
a set back.
At the that time, think a couple of Universities are >>starting<< to use
UNIX for general CS classes/teaching (Purdue & UCB being two of them),
maybe Michigan and U of I, but I think CMU and Stanford are still using
PDP-20's [not sure about MIT] (where Princeton and UCLA I think were still
IBM shops for undergrads).
So the whole reason to keep it quiet @ the USENOX conference was because
it was felt at the time, the folks in that room were the primary people
hacking the kernel and if we all took the couple of lines of fix back to
our shops, the problem was solved.
It sort of blows my mind if Doug never knew about it, in hind sight it
seems George got his wish!!
Clem
On Fri, May 12, 2017 at 2:56 PM, Dan Cross <crossd(a)gmail.com> wrote:
On Fri, May 12, 2017 at 2:43 PM, Doug McIlroy
<doug(a)cs.dartmouth.edu>
wrote:
We all took the code back and promised to get
patches out ASAP and
not tell any one about it.
Fascinating. Chnages were installed frequently in the Unix lab, mostly
at night without fanfare. But an actual zero-day should have been big
enough news for me to have heard about. I'm pretty sure I didn't; Dennis
evidently kept his counsel.
I wonder if such a thing would have been treated the same way within Bell
Labs as outside?
Presumably you didn't have to worry about hordes of undergraduates
picking over your systems looking for ways to get root access. Or, indeed,
undergraduates doing anything on your systems, save for the occasional
intern or precocious child of an employee. For that matter, this raises a
question: what was the attitude towards root access within the labs? Was it
constrained to the anointed few or did a large-ish number of people have it?
Anyway, I could well imagine a scenario where Dennis comes back but
thinks fairly little of it and makes vague mention of a fairly serious bug
but gives it little more thought than any other fairly serious bug. It's
patched and folks go on with their lives, since it's much less likely to be
the source of irritation in a corporate search department than it would be
in, say, a university.
- Dan C.