[817] in bugtraq
Re: CERT Advisory CA-95:02.binmail.vulnerabilities
daemon@ATHENA.MIT.EDU (Karl Strickland)
Fri Jan 27 14:09:39 1995
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: Julian Assange <proff@suburbia.apana.org.au>
Date: Fri, 27 Jan 1995 15:57:39 +0000 (GMT)
Cc: cert-advisory@cert.org, bugtraq@fc.net
In-Reply-To: <199501270818.TAA02317@suburbia.apana.org.au> from "Julian Assange" at Jan 27, 95 07:18:56 pm
>
> > The CERT Coordination Center thanks Eric Allman, Wolfgang Ley, Karl
> > Strickland, Wietse Venema, and Neil Woods for their contributions to
> > mail.local.
>
> Last billing there Neil, though I note its in alphabetical order. It
> does seem a little thick headed that cert, in its wisdom, did not simply
> refer people to several 8lgm advisories already on the subject. As for the
To be fair to CERT, we were given early access to a number of versions
of mail.local before this one was released. Neil analyzed - in detail -
countless versions of mail.local and provided code to fix the remaining
problems.
> "mail.local" not been perfect - what are they advising? the installation of
> something less that perfect as far as root-bugs are concerned?
>
> "But mom, I'm only a little bit pregnant"
>
> >From my examinations of mail.local, its fine unless you can write to the mail
> spool directory. If you can, then its raceable.
Why is it raceable?
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|
