Bugtraq mailing list archives
Re: Security problem in C news and INN
From: hoodr () hoodr slip netcom com (hoodr () hoodr slip netcom com)
Date: Sun, 27 Feb 1994 19:06:34 +0000
In message <199402261422.AA03742 () tavor openu ac il>, Rafi Sadowsky writes:Jeroen Scheerder wrote:....now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably where the hole comes from ?I just tested it under NetBSD, which I would suppose also has the ucb one, and the tilda escapes are *not* processed for non-interactive mailings. I feel this is also very likely the case with BSD/386 (I can't test that until next week sometime).
I get the following from BSDI 1.0's man page: -I Forces mail to run in interactive mode even when input isn't a ter- minal. In particular, the `~' special character when sending mail is only active in interactive mode. Also, SunOS has this interesting flag: -r address Pass address to network delivery software. All tilde (~) commands are disabled.
Current thread:
- Re: Security problem in C news and INN Scott D. Yelich (Feb 23)
- Re: Security problem in C news and INN Evil Pete (Feb 24)
- Re: Security problem in C news and INN Perry E. Metzger (Feb 24)
- Re: Security problem in C news and INN Evil Pete (Feb 24)
- syslog security problems Mike Evans (Feb 24)
- Re: Security problem in C news and INN Jeroen Scheerder (Feb 24)
- Re: Security problem in C news and INN Rafi Sadowsky (Feb 26)
- Re: Security problem in C news and INN Robert Crowe (Feb 26)
- Re: Security problem in C news and INN Rafi Sadowsky (Feb 26)
- Re: Security problem in C news and INN hoodr () hoodr slip netcom com (Feb 27)
- Re: Security problem in C news and INN Perry E. Metzger (Feb 24)
- Re: Security problem in C news and INN Evil Pete (Feb 24)
- Re: Security problem in C news and INN Henry Spencer (Feb 25)
- Re: Security problem in C news and INN Casper Dik (Feb 26)