Xref: utzoo comp.protocols.tcp-ip:5178 comp.unix.wizards:12165
Path: utzoo!attcan!uunet!husc6!bloom-beacon!spdcc!eli
From: eli@spdcc.COM (Steve Elias)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: a holiday gift from Robert "wormer" Morris
Message-ID: <2060@spdcc.COM>
Date: 6 Nov 88 16:51:15 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU>
Reply-To: eli@spdcc.COM (Steve Elias)
Distribution: na
Organization: yes
Lines: 29

"Wormer" Morris has quite a career ahead of him, i'll bet.
he has done us all a favor by benevolently bashing bsd 'security'.

the smtp/sendmail security hole that he exploited was big enough to 
drive the Whirlwhind computer through -- never mind a few
thousand Suns & bsd vaxes.

the hole was so obvious that i surmise that Morris
was not the only one to discover it.  perhaps other less
reproductively minded arpanetters have been having a field
'day' ever since this bsd release happened. 

some of the more security minded folk out there might have 
archived ps records which could indicate the presence of 
spurious shells spawned from smtp.  depending on how long
Mr. Morris used the security hole, he may be very well qualified
to tell all whether he saw signs of other creative use of the
sendmail security gift.   

in at least one sense, Morris has done a service for the internet.
nobody will be able to continue to "benefit" from the bsd/sysV
sendmail -- which was the true trojan horse.



-- 

 
  	harvard!spdcc!eli