Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!labrea!decwrl!vixie
From: vixie@decwrl.dec.com (Paul Vixie)
Newsgroups: news.sysadmin
Subject: Re: The worm/virus was a good thing
Message-ID: <37@gnome6.pa.dec.com>
Date: 8 Nov 88 06:45:31 GMT
References: <16496@agate.BERKELEY.EDU> <2266@looking.UUCP>
Organization: DEC Western Research Lab
Lines: 28

Here we go with the second-order effects.  We're going to use more bandwidth
arguing about this then the worm used.  But as long as everyone is going to
pontificate, let me set one or two facts straight along the way...

# This virus displayed one of the nastiest holes you can have in a system.
       ^^^^^
# Root access to every vax/sun with a debug-enabled sendmail program.
  ^^^^
# Very nasty things could have been done.

If root access had been given, no doubt nastier things could have been done.

But root access wasn't given.  Sendmail runs as root but setuid(2)'s
whenever it's about to try to deliver something.  It setuid(2)'s to the
sender, if the message was generated locally; otherwise it setuid(2)'s to a
(more or less) hardcoded "1", which is usually "daemon" on BSD-type systems
and which generally has less ability to scribble on important files than
"root" would have.

Yes, having random code imported to your system and executed as daemon is an
ugly and unsettling thing, and it's, um, "evil and rude" :-), but it is just
a little bit (one notch, maybe) less troublesome than if it ran as root.

And, although every newspaper in the country and half the administrators on
the Internet want it to be a "virus", it was really a "worm".
-- 
Paul Vixie
Work:    vixie@decwrl.dec.com    decwrl!vixie    +1 415 853 6600
Play:    paul@vixie.sf.ca.us     vixie!paul      +1 415 864 7013