I had a printout of this story from a few years ago. It is said that it was posted in news.sysadmin (news group), I’m guessing many years ago. I’m crediting Dave Platt for this version though.

The more things change, the more they stay the same...

Back in the mid-1970s, several of the system support staff at Motorola (I believe it was) discovered a relatively simple way to crack system security on the Xerox CP-V timesharing system (or it may have been CP-V's predecessor UTS).  Through a simple programming strategy, it was possible for a user program to trick the system into running a portion of the program in "master mode" (supervisor state), in which memory protection does not apply.  The program could then poke a large value into its "privilege level" byte (normally write-protected) and could then proceed to bypass all levels of security within the file-management system, patch the system monitor, and do numerous other interesting things.  In short, the barn door was wide open.

Motorola quite properly reported this problem to XEROX via an official "level 1 SIDR" (a bug report with a perceived urgency of "needs to be fixed yesterday").  Because the text of each SIDR was entered into a database that could be viewed by quite a number of people, Motorola followed the approved procedure: they simply reported the problem as "Security SIDR", and attached all of the necessary documentation, ways-to-reproduce, etc. separately.

Xerox apparently sat on the problem... they either didn't acknowledge the severity of the problem, or didn't assign the necessary operating-system-staff resources to develop and distribute an official patch.

Time passed (months, as I recall).  The Motorola guys pestered their Xerox field-support rep, to no avail.  Finally they decided to take Direct Action, to demonstrate to Xerox management just how easily the system could be cracked, and just how thoroughly the system security systems could be subverted.

They dug around through the operating-system listings, and devised a thoroughly devilish set of patches.  These patches were then incorporated into a pair of programs called Robin Hood and Friar Tuck.  Robin Hood and Friar Tuck were designed to run as "ghost jobs" (daemons, in Unix terminology); they would use the existing loophole to subvert system security, install the necessary patches, and then keep an eye on one another's statuses in order to keep the system operator (in effect, the superuser) from aborting them.

So... one day, the system operator on the main CP-V software-development system in El Segundo was surprised by a number of unusual phenomena.  These included the following (as I recall... it's been a while since I heard the story):

- Tape drives would rewind and dismount their tapes in the middle of a job.

- Disk drives would seek back&forth so rapidly that they'd attempt to walk across the floor.

- The card-punch output device would occasionally start up of itself and punch a "lace card" (every hole punched). These would usually jam in the punch.

- The console would print snide and insulting messages from Robin Hood to Friar Tuck, or vice versa.

- The Xerox card reader had two output stackers; it could be instructed to stack into A, stack into B, or stack into A unless a card was unreadable, in which case the bad card was placed into stacker B.  One of the patches installed by the ghosts added some code to the card-reader driver... after reading a card, it would flip over to the opposite stacker.  As a result, card decks would divide themselves in half when they were read, leaving the operator to recollate them manually.

Naturally, the operator called in the operating-system developers.  They found the bandit ghost jobs running, and X'ed them... and were once again surprised.  When Robin Hood was X'ed, the following sequence of events took place:

 !X id1

 id1:   Friar Tuck... I am under attack!  Pray save me!  (Robin Hood)

 id1: Off (aborted)

 id2: Fear not, friend Robin!  I shall rout the Sheriff of Nottingham's men!

 id3: Thank you, my good fellow! (Robin)

Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently-slain program within a few milliseconds.  The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.

Finally, the system programmers did the latter... only to find that the bandits appeared once again when the system rebooted!  It turned out that these two programs had patched the boot-time image (the /vmunix file, in Unix terms) and had added themselves to the list of programs that were to be started at boot time...

The Robin Hood and Friar Tuck ghosts were finally eradicated when the system staff rebooted the system from a clean boot-tape and reinstalled the monitor.  Not long thereafter, Xerox released a patch for this problem.

I believe that Xerox filed a complaint with Motorola's management about the merry-prankster actions of the two employees in question.  To the best of my knowledge, no serious disciplinary action was taken against either of these guys.

Several years later, both of the perpetrators were hired by Honeywell, which had purchased the rights to CP-V after Xerox pulled out of the mainframe business.  Both of them made serious and substantial contributions to the Honeywell CP-6 operating system development effort.  Robin Hood (Dan Holle) did much of the development of the PL-6 system-programming language compiler; Friar Tuck (John Gabler) was one of the chief communications-software gurus for several years.  They're both alive and well, and living in LA (Dan) and Orange County (John).
Written on February 17th, 2008 , Funny


SirSpanky.com – The Secret Diary of James Pearce Aged 20-Something

Personal journal of a professional geek – James Pearce in Perth, Australia