Exploiting this is close to trivial because the adjacent buffer contains the pw entry. So, you can control what the input is compared with.
That way the password check can be bypassed without injecting code.
The crypt() of the input, not the input itself, but guessing at the (PDP-11 assembly :/ ) code for crypt() a bit, it seems to stop after 64 characters if it can’t find a null terminator before that, so
should work as an exploit, and indeed it does. (Arbitrary 64-character password, then 36 bytes to pad to the end of the 100-byte buffer, then the part of root’s /etc/passwd entry for said password until at least the second colon.)
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
And even more to the point: this is a website. What is he afraid of this website doing that all the other websites don't already do? Why single this one out?
Yeah it’s unlikely that this site will collect any meaningful data and it’s unlikely that you lose any meaningful data by playing with a virtual unix from the 70ies.
Did they get a license from Novell for this or is this as illegal as many of the other emulator sites with copyrighted software on them? Considering the page doesn't mention it, I'm leaning towards it being copyright infringement.
This copy of Unix v4 came from AT&T and not one of the freely licensed ones Caldera released. Caldera may own the rights now for this unearthed copy, but I am not aware that they have provided licenses for this new release.
If your argument is that Caldera might not actually have the rights to UNIX in the first place to grant the license, that's fair.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
>Redistributions of source code and documentation must retain the above copyright notice
The archived tape doesn't have this, which contradicts the license. This makes me think the license may only be referring to a set of source code that they released with this license text already applied as opposed to what was recently archived.
>Redistributions in binary form must reproduce the above copyright notice
I don't see the copyright notice on that page. So at the very least that may need to be added.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.
> By using this service, you acknowledge that terminal sessions may be logged for educational and debugging purposes. No personal data is collected beyond your IP address.
Is this all open source and is the code available? So that we know where the data is truly going?
Hard to trust it if it isn't fully OSS.
This is a cool demo though.
Clarification requested: How is ‘trust’ applicable to this site?
It's an emulated PDP-11, could you elaborate on the threat model here?
I get that companies are being gross about logging everything online, but come on. It's okay to have fun.
Who in their right mind is using this for anything other than curiosity's sake?
You aren’t getting downvoted enough.
Gotta stick the "This product includes software developed or owned by Caldera International, Inc." notice on it though.
But the license they provided (http://www.lemis.com/grog/UNIX/ancient-source-all.pdf) explicitly names versions 1, 2, 3, 4, 5, 6, and 7 of UNIX for the 16-bit PDP-11. Yes, these versions originated at AT&T (Bell Labs) but are distinct legally from SysIII and SysV UNIX, also from AT&T, which are explicitly not covered by the Caldera license.
>Redistributions of source code and documentation must retain the above copyright notice
The archived tape doesn't have this, which contradicts the license. This makes me think the license may only be referring to a set of source code that they released with this license text already applied as opposed to what was recently archived.
>Redistributions in binary form must reproduce the above copyright notice
I don't see the copyright notice on that page. So at the very least that may need to be added.
In the sense that the company I work for would be financially harmed if copyright infringement of software was freely allowed. I benefit from the ability of people being able to sell rights to use software.
It's one thing to digitize and archive ancient software, it's another thing to allow people to freely use it without acquiring the proper license for it.