Xref: utzoo comp.protocols.tcp-ip:5273 comp.unix.wizards:12281
Path: utzoo!utgpu!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <10832@ulysses.homer.nj.att.com>
Date: 10 Nov 88 04:18:15 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <24@jove.dec.com> <1445@anasaz.UUCP>
Distribution: na
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 17

> According to press reports, RM spent his summers working at AT&T
> on "Unix Communications Software Security". Anyone with a source
> license check to see if he slipped a trojan horse into uucico
> or uuxqt or something?

Morris wrote an entirely new version of uucp, one that a higher degree
of inherent security than any of its predecessors.  It was in fact
installed as the production uucp on a number of research machines for
several years.  Ultimately, it was supplanted by Honey DanBer uucp
because it wasn't hardened enough against real-world failures.  At
Morris's request, I went over the code in great detail; there were
no holes visible -- and I repeat, I studied his code thoroughly.
In any event, to the best of my knowledge that version of uucp was
never released.


		--Steve Bellovin