Path: utzoo!utgpu!watmath!clyde!ima!think!barmar From: barmar@think.COM (Barry Margolin) Newsgroups: comp.lang.c Subject: Re: Insecure hardware (was Re: gets(3) nonsense) Message-ID: <32921@think.UUCP> Date: 5 Dec 88 20:57:12 GMT References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <4869@bsu-cs.UUCP> <14733@mimsy.UUCP> <13203@ncoast.UUCP> <8308@bloom-beacon.MIT.EDU> Sender: news@think.UUCP Reply-To: barmar@kulla.think.com.UUCP (Barry Margolin) Organization: Thinking Machines Corporation, Cambridge MA, USA Lines: 20 In article <8308@bloom-beacon.MIT.EDU> jik@athena.mit.edu (Jonathan I. Kamens) writes: [Regarding the fingerd worm:] >If the author(s) of the code had bothered to figure out the stack >frame dimensions on the Sun, I'm sure he/she/they would have also >figured out the necessary Sun instructions to make it work, and vice >versa. I don't think so. I don't think the worm knows the hardware of the system it is trying to propogate to. If it's propogating using machine language instructions, it needs to know the hardware. The sendmail worm could go to either system because it transmitted a shell script that runs on both Suns and Vaxes, which was able to look around and determine which kind it was running on (in order to transfer and link the correct stuff). Barry Margolin Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar