[2900] in bugtraq
BSD mail.local has race condition
daemon@ATHENA.MIT.EDU (Travis Hassloch x231)
Wed Jul 10 16:35:13 1996
Date: Wed, 10 Jul 1996 14:17:16 -0500
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Travis Hassloch x231 <travis@EvTech.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Same as the Solaris mailx bug. As usual, to exploit the bug, you
have to have write perms to the mail spool. This means a security
conscious admin should turn world-write off, but this may break
mail user agents. A mail.local fix should be forthcoming, but
is pretty obvious -- same deal as writing to /tmp or other world-write
dirs from an SUID root program.
I had a stupid response to the Solaris mailx bug; I hope it didn't
get propogated here (it went out to Best-Of, oops). Sorry, I was
going cold-turkey on the caffeine, and was judgement-challenged.
--
Travis Hassloch, Electronic Blacksmith | P=NP if (P=0 or N=1)
There's a fine line between an email message and its signature.
