Re: CERT Advisory CA-95:02.binmail.vulnerabilities

Karl Strickland (karl@bagpuss.demon.co.uk)
Fri, 27 Jan 1995 15:57:39 +0000 (GMT)

> 
> > The CERT Coordination Center thanks Eric Allman, Wolfgang Ley, Karl
> > Strickland, Wietse Venema, and Neil Woods for their contributions to
> > mail.local.
> 
> Last billing there Neil, though I note it's in alphabetical order. It
> does seem a little thick-headed that CERT, in its wisdom, did not simply
> refer people to several 8lgm advisories already on the subject. As for the

To be fair to CERT, we were given early access to a number of versions
of mail.local before this one was released.  Neil analyzed - in detail -
countless versions of mail.local and provided code to fix the remaining
problems.

> "mail.local" not being perfect - what are they advising? the installation of
> something less than perfect as far as root-bugs are concerned?
> 
> 	"But mom, I'm only a little bit pregnant"
> 
> From my examinations of mail.local, it's fine unless you can write to the mail
> spool directory. If you can, then it's raceable.

Why is it raceable?

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |