> > > Change that in: "how quickly Sun came with not-working patches" > > Note too that the patch that finally fixed the /var/spool/mail > > race conditions appeared months after the last 8lgm advisory. > > > > > The Sun patch fixed some of the problems and made the race harder to win. It didn't fix any problem I know of - it made it harder to append to files, but easier to create files (in fact there was no race to create files). Personally I'd consider this a step back. > It > also filled the particular hole that particular 8lgm script exposed. Better > than a cryptic message from 8lgm saying "there is a bug in mail" and better > than hearing nothing at all from CERT until Sun believes they have the bug > fixed. It stopped our original script from appending to files. The script was supposed to be a sample exploitation, not the be-it-and-end-all of the hole. You could patch cc so as to not compile mailrace.c with similar success 8). CERT were supplied with a script in May for the current mail advisory, and I supplied it to several people at Sun in the autumn (fall) in case CERT wasnt passing this on. > And if it takes several iterations for Sun to do this, and they > don't have whatever added pressure a widely-distributed exploit script adds, > this might a year or more for systems to be vulnerable to those who know > about this bug. And with every passing day the chance someone else will > independly discover it increases... > Well we have provided src to fix this, so hopefully it won't take another seven months. Cheers, Neil -- Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual, Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control. ...like a badger with an afro throwing sparklers at the Pope...