[211] in bugtraq
Re: /bin/mail Security Hole
daemon@ATHENA.MIT.EDU (Casper Dik)
Sat Nov 26 07:44:08 1994
To: nlawson@galaxy.csc.calpoly.edu (Nathan Lawson)
Cc: unix-admins@oboe.aix.calpoly.edu, bugtraq@fc.net, cert@cert.org
In-Reply-To: Your message of "Sat, 26 Nov 1994 00:42:09 PST."
<9411260842.AA11076@galaxy.csc.calpoly.edu>
Date: Sat, 26 Nov 1994 12:46:59 +0100
From: Casper Dik <casper@fwi.uva.nl>

> Above all, FIX THIS HOLE. As to 8lgm, I definitely supported you in the
> past, but turning to security through obscurity this late in the game is a
> turn for the worse. If you have written an exploit, make it public, or do
> NOT give it to anyone, not even your best friend's dog. There's a lesson to be
> learned that has been repeated throughout history: give out copies to only
> a few people, and the entire cracker community will get it. Let's see a
> little more "all or nothing" commitments from the security community.

A word of caution for people running this script: all mail incoming
between starting the script and ending it will be lost. If you interrupt
the script, all of your mailbox is left in /tmp.

I think that you'll find that Sun's patch 100224-13 fixes this hole as well
as the race condition that existed when writing to /var/spool/mail.
There has not yet been a security bulletin on this patch.

I think the race is easier to win than this. All you need is one shot.

Casper