January 8, 2026

Retro bug, modern meltdown

Article URL →HN comments →

Fixing a Buffer Overflow in Unix v4 Like It's 1973

Internet loses it over a 1973 password bug—hackers, historians, and 'ed' veterans pile on

TLDR: A newly recovered 1973 Unix system has a password tool that crashes when you type too much, and someone showed how to patch it. Comments split between curiosity about exploits, nerdy code archaeology, and nostalgic “ed” tales—proof that even ancient bugs spark fresh debates about hacking vs preserving history.

The internet just dug up a working copy of Unix from 1973, and it has a delightfully dumb bug: if you type more than 100 characters into the password box, it faceplants. But the real action is in the comments. mgerdts is squinting at a spooky line of code, asking if the program is poking memory right next door to the standard library, like a magician hiding cards up his sleeve. b-kuiper barrels in with the chaos energy: “Where’s the exploit?” Meanwhile, cooler heads warn this is a museum piece, not a playground—yet nobody can resist poking it.

Then came the flexes and war stories. nineteen999 casually claims they’ve already patched it on their modern machine, while SoftTalker remembers using the ancient “ed” text editor in a crunch—“not terrible,” but imagine writing code on a printer all day. The vibe? Half nostalgia, half mischief. Links fly to deep dives and a live terminal demo Unix v4 analysis, live session, and someone jokes about “1973 Patch Tuesday.” The funniest tip: if you crash su, you have to type “stty echo” blind to get your screen back. Retro computing: part history lesson, part meme generator.

Key Points

  • UNIX v4 was recovered from a magnetic tape and run on a PDP‑11 simulator, providing access to its full source code.
  • An audit of su(1) revealed a buffer overflow due to reading password input into a 100-byte buffer without bounds checking.
  • The vulnerability can crash su or alter behavior depending on which adjacent memory is overwritten; long input reproduces the issue.
  • su’s flow uses getpw(), disables TTY echo with gtty/stty, hashes input with crypt(), and compares against /etc/passwd.
  • UNIX v4 includes tools for self-recompilation; the article outlines using ed to patch su.c in the period-accurate environment.

Hottest takes

"What is up with fin? Is it really just writing an int 0…" — mgerdts
"so, is there already somebody that wrote the exploit for it?" — b-kuiper
"Already patched this on my x86_64 v4 UNIX port. Hehe." — nineteen999

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.