That's fair, it wasn't exactly secure on the OS level, fun stuff like the help function allowing a backdoor to a user account. But to be fair to SGI this was exactly the era when the internet went from 'small village' to 'megapolis' and that brought the vermin right along with the funding.

They said on their documentation that it wasn't hardened and that you shouldn't put it directly on the internet without a firewall.

And yet they sold a "WebForce" edition Indy with an httpd preinstalled.

Here is the semi-interesting story of the creation of webforce by the dude who came up with the concept. [0]

This[1] is a picture of a WebForce Indy unboxed, complete with Photoshop, Illustrator, and Indyballs.

And this[2] is a brochure for the WebForce Indy.

[0] https://therealmccrea.com/2014/01/09/january-1994-a-very-goo...

[1] https://old.reddit.com/r/retrobattlestations/comments/6oohy7...

[2] http://www.1000bit.it/ad/bro/sgi/SGIWebforceSEPG.pdf

Yeah, there were so many easy exploits that we regularly used them for our many SGI workstations when we didn't have the root password for that specific machine.

You really did not need an exploit, just log on as lpr.