CSYSMAS@OAC.UCLA.EDU (Michael Stein) (11/10/88)
> This is serious. The knowledge that this person had the opportunity to > tamper with the master source code for UNIX is very worrisome. A major > examination of all AT&T-provided security related code is in order. > > We may not be at the end of this yet. How many "worms" or other "users" of the sendmail bug were there before this one? (The final? one). As it sounds like the worm ran as root on many systems, didn't EVERYONE have a chance at the master source code for UNIX? How well protected were the sites which hold "distribution" sources like AT&T or Berkeley? What's going to be in the next versions shipped? Also how do you know that RTM really wrote the worm? I'm not really disagreeing, it just seems that noone has pointed out that ANYONE could have planted ANYTHING on any "open" system before the incident.