Subject: Re: [ local root compromise in openbsd 3.0 and below]
To: Steven M. Bellovin <>
From: Jan Schaumann <>
List: tech-security
Date: 04/11/2002 15:08:58
"Steven M. Bellovin" <> wrote:

> It's always good to test such things, to see if they really behave the 
> way the man page says they do -- but as I said, some very quick tests 
> suggest that /usr/bin/mail does the right thing.

I just can't believe that /usr/bin/mail on OpenBSD would not behave the
same way -- even linux's mail(1) does indicate that it only interprets ~
in interactive mode...