[3867] in bugtraq
Re: jj.c
daemon@ATHENA.MIT.EDU (Dave G.)
Wed Dec 25 00:44:02 1996
Date: Wed, 25 Dec 1996 00:32:17 -0500
Reply-To: "Dave G." <daveg@escape.com>
From: "Dave G." <daveg@escape.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I have looked at this before, and tilde escaping from /bin/mail shouldn't
work on most modern systems simply because the /bin/mail's I have looked
at don't accept tilde escapes unless the input is coming from a terminal,
or /bin/mail is invoked with -I.
Regardless, jj is a great example of how to write insecure code.
So, is there any /bin/mail that will accept tilde escapes if the input
isn't coming from a terminal?
Dave G.
<daveg@escape.com>
http://www.escape.com/~daveg
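
The gate described in the message above (tilde escapes honoured only for terminal input or when -I is given), as an added example that is not part of the original post and is not code from any /bin/mail. The function names are hypothetical, and the space-prefix filter is a defensive measure chosen for this example so that a program piping untrusted text to a mailer does not depend on which mailer is installed.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* The check described in the post: tilde escapes are honoured only when
 * input comes from a terminal or interactive mode was forced (the -I case). */
int tilde_escapes_enabled(int input_fd, int forced_interactive)
{
    return forced_interactive || isatty(input_fd);
}

/* Defensive filter (an assumption of this example, not from the post):
 * copy src to dst, inserting a space before any line that begins with '~'
 * so it cannot be parsed as an escape whatever the mailer decides.
 * Returns bytes written (excluding the NUL), or -1 if dst is too small. */
long neutralize_tilde_lines(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    int at_line_start = 1;

    for (; *src != '\0'; src++) {
        if (at_line_start && *src == '~') {
            if (out + 1 >= dst_size) return -1;
            dst[out++] = ' ';
        }
        if (out + 1 >= dst_size) return -1;
        dst[out++] = *src;
        at_line_start = (*src == '\n');
    }
    if (out >= dst_size) return -1;
    dst[out] = '\0';
    return (long)out;
}

/* Evaluate the gate on the read end of a fresh pipe, i.e. the non-terminal
 * input a CGI program or daemon would hand to the mailer. */
int gate_on_pipe(int forced_interactive)
{
    int fds[2], result;

    if (pipe(fds) != 0) return -1;
    result = tilde_escapes_enabled(fds[0], forced_interactive);
    close(fds[0]);
    close(fds[1]);
    return result;
}
```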