Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!csd4.milw.wisc.edu!leah!itsgw!steinmetz!uunet!seismo!rick
From: rick@seismo.CSS.GOV (Rick Adams)
Newsgroups: news.admin
Subject: Re: How about a virus?
Summary: put up or shut up
Message-ID: <44471@beno.seismo.CSS.GOV>
Date: 1 Jan 89 05:32:02 GMT
References: <10420@rpp386.Dallas.TX.US> <381@ispi.UUCP> <10547@rpp386.Dallas.TX.US>
Organization: Center for Seismic Studies, Arlington, VA
Lines: 40

Please spare me your whining.

UUNET does not run HDB. It runs one of those bug-ridden V7 derivatives. In fact that probably makes it HARDER for you because all those clever tricks you have saved up probably won't work here.

As for shio(), I presume you want to do something tricky with what you expect to be a popen(). Sorry, I fixed that about 3 years ago. It's real hard to fake out the execv() of /bin/rmail. Oh, you're going to fake out the rmail? Sorry, rmail does a direct execv() of sendmail. Oh, you're going to spoof sendmail? Sorry, rmail checks the arguments it passes to sendmail... (Do we see a trend forming?)

You see, it's not a black and white, HDB or "shit" world we're living in. It's even worse. Honeyman and I and others are conspiring. We're pretty damned devious ourselves. We've fixed the easy things years ago. We've even fixed the hard ones. There are probably other bugs out there (only a fool would deny it), but like I said, it's nowhere near as easy as you think it is.

Also, don't confuse the version of HDB that ATT ships with what Honeyman is running. Those HDB bugs you found he probably fixed years ago. AND, even worse, he told ME about them, so I fixed them in my version. (The fact that ATT doesn't seem to want his fixes is ATT's problem [and ATT's customers...])

Oh yeah, one more thing: Why are you assuming that uuxqt is running as the same uid as uucico? Hmmm???? It doesn't need to. And if it isn't running as the same uid as uucico, then it doesn't have read permission on L.sys, does it? Gee. It's getting harder all the time...

The reason I'm making a point about all this is that I don't want to lose any uunet customers because they don't want to connect to the "insecure" system that you are describing. I had a hell of a time convincing sites that the Internet virus wasn't going to propagate to their sites via uucp. I don't want them to start worrying all over again.

---rick
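
The pattern the post above describes (a direct execv() of the mailer with checked arguments instead of a popen()), as an added example that is not part of the original post and is not rmail source. The mailer path, the allowed character set, the length limit and the function names are assumptions.

```c
/* Added example: not rmail source. Path and validation rules are assumptions. */
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#define MAX_RCPT 16
#define MAILER "/usr/lib/sendmail"   /* assumed mailer path */

/* Return 1 if addr may be passed to the mailer as one argument, else 0. */
int addr_ok(const char *addr)
{
    static const char allowed[] = "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.!@%_+-";
    size_t n;

    if (addr == NULL || addr[0] == '\0' || addr[0] == '-')
        return 0;            /* empty, or the mailer would read it as an option */
    n = strlen(addr);
    return n <= 255 && strspn(addr, allowed) == n;  /* no spaces or metacharacters */
}

/* Build argv for execv(); returns argc, or -1 if anything is rejected. */
int build_argv(char *from, char *const rcpts[], int nrcpt, char *argv[], int len)
{
    int i, argc = 0;

    if (!addr_ok(from) || nrcpt < 1 || nrcpt > MAX_RCPT || len < nrcpt + 4)
        return -1;
    argv[argc++] = "sendmail";
    argv[argc++] = "-f";     /* envelope sender */
    argv[argc++] = from;
    for (i = 0; i < nrcpt; i++) {
        if (!addr_ok(rcpts[i]))
            return -1;       /* refuse the whole message */
        argv[argc++] = rcpts[i];
    }
    argv[argc] = NULL;
    return argc;
}

/* No popen() and no shell: the checked strings reach the mailer verbatim. */
int deliver(char *from, char *const rcpts[], int nrcpt)
{
    char *argv[MAX_RCPT + 4];
    if (build_argv(from, rcpts, nrcpt, argv, MAX_RCPT + 4) < 0)
        return -1;
    execv(MAILER, argv);
    return -1;               /* reached only if execv() failed */
}
```

Running the delivery step under a uid separate from the one that owns L.sys, as the post notes for uuxqt and uucico, limits what a flaw in these checks could expose.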