Re: Security problem in C news and INN

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Scott Chasin: "8lgm Advisory Releases"
• Previous message: Rafi Sadowsky: "Re: Security problem in C news and INN"
• In reply to: Robert Crowe: "Re: Security problem in C news and INN"
• Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"

>In message <199402261422.AA03742@tavor.openu.ac.il>, Rafi Sadowsky writes:
>>Jeroen Scheerder wrote:
>....
>>now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably
>>where the hole comes from ?
>
>I just tested it under NetBSD, which I would suppose also has the ucb one,
>and the tilda escapes are *not* processed for non-interactive mailings.  I
>feel this is also very likely the case with BSD/386 (I can't test that until
>next week sometime).

I get the following from BSDI 1.0's man page:

     -I    Forces mail to run in interactive mode even when input isn't a ter-
           minal.  In particular, the `~' special character when sending mail
           is only active in interactive mode.

Also, SunOS has this interesting flag:

     -r address    Pass address  to  network  delivery  software.
                   All tilde (~) commands are disabled.

• Next message: Scott Chasin: "8lgm Advisory Releases"
• Previous message: Rafi Sadowsky: "Re: Security problem in C news and INN"
• In reply to: Robert Crowe: "Re: Security problem in C news and INN"
• Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"