Subject: Re: [email@example.com: local root compromise in openbsd 3.0 and below]
To: Jan Schaumann <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 04/11/2002 15:03:59
In message <20020411150405.C24737@netmeister.org>, Jan Schaumann writes:
>"Steven M. Bellovin" <firstname.lastname@example.org> wrote:
>> This is a *really* old attack -- does it really still work? My very
>> quick tests suggest that it doesn't under NetBSD, because, as mail(1)
>> says in describing -I:
>> In particular, the `~' special character when sending mail
>> is only active in interactive mode.
>Oh, yeah. S'ppose I should have RTFM'd more carefully.
It's always good to test such things, to see if they really behave the
way the man page says they do -- but as I said, some very quick tests
suggest that /usr/bin/mail does the right thing.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com