Bugtraq mailing list archives
Re: CERT Advisory CA-95:02.binmail.vulnerabilities
From: neil () legless demon co uk (Neil Woods)
Date: Sat, 28 Jan 1995 13:15:26 +0100 (GMT)
The CERT Coordination Center thanks Eric Allman, Wolfgang Ley, Karl Strickland, Wietse Venema, and Neil Woods for their contributions to mail.local.

Last billing there Neil, though I note it's in alphabetical order. It does seem a little thick-headed that CERT, in its wisdom, did not simply refer people to several 8lgm advisories already on the subject. As for the "mail.local" not being perfect - what are they advising? The installation of something less than perfect as far as root-bugs are concerned? "But mom, I'm only a little bit pregnant"

From my examinations of mail.local, it's fine unless you can write to the mailspool directory. If you can, then it's raceable.

I know of no problems with the mail.local code provided, I'd advise anyone with sunos/ultrix boxes to use it. I wouldn't trust any patch provided by either DEC or SUN at this moment in time. I haven't looked at any other available src, so I can't recommend anything else.

Even with a mode 777 spool directory, this code is secure (IMHO 8). If anyone thinks otherwise, then please post a description of why you believe it is so, a script isn't necessary.

As our names are on the advisory, I guess you can take that as a seal of approval.

Cheers,
Neil
--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.
...like a badger with an afro throwing sparklers at the Pope...

Current thread:
- Re: CERT Advisory CA-95:02.binmail.vulnerabilities Julian Assange (Jan 27)
- Re: CERT Advisory CA-95:02.binmail.vulnerabilities Dave Sill (Jan 27)
- Re: CERT Advisory CA-95:02.binmail.vulnerabilities Karl Strickland (Jan 27)
- Re: CERT Advisory CA-95:02.binmail.vulnerabilities Neil Woods (Jan 28)