Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 4 Oct 2014 15:22:49 +0200
From: Hanno Böck <hanno@...eck.de>
To: Riot <rain.backnet@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Shellshock timeline (was: CVE-2014-6271: remote
 code execution through bash)

Am Sat, 4 Oct 2014 00:19:06 +0100
schrieb Riot <rain.backnet@...il.com>:

> We then worked further back in time, unearthing bash 1.08.2 on an
> ancient 1991 Atari ST image:
> http://images.rymate.co.uk/images/iwaSGPo.png  This was also
> vulnerable.  This version is relevant because the first version of
> bash ported to linux was bash 1.08 - here's the original post by
> Linus at the tender age of  advertising his first build of linux on
> the minix newsgroup in 1991, explicitly mentioning bash 1.08.  This
> datum told us that shellshock is older than all of linux, which makes
> for a nice soundbite for the press.
>
> Going back further proved very difficult because few archives
> including these early versions exist anywhere, and by all accounts
> the early releases were buggy and not particularly portable.  We
> eventually managed to locate an image for an obscure Japanese
> Human68k containing bash 1.05.  Here it identifies itself as bash
> 1.05 X6_19: http://images.rymate.co.uk/images/kH8VnTo.png  The file
> is dated 12/08/1991... and of course it's vulnerable:
> http://images.rymate.co.uk/images/zTYm05I.png


Can you post the relevant download links to the atari st / 68k images
and other possibly interesting stuff? Or where they from private
archives?

I think independently of current events this might be interesting for
people digging in IT history, so having them somewhere easy to find
would be nice.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.