Subject: Re: [email@example.com: local root compromise in openbsd 3.0 and below]
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Chris Pinnock <email@example.com>
Date: 04/13/2002 12:25:13
On Thu, Apr 11, 2002 at 02:54:49PM -0400, Steven M. Bellovin wrote:
> This is a *really* old attack -- does it really still work? My very
> quick tests suggest that it doesn't under NetBSD, because, as mail(1)
> says in describing -I:
> In particular, the `~' special character when sending mail
> is only active in interactive mode.
Comparing the recent OpenBSD patch to our source tree, it looks like we
caught that attack a few years ago. I haven't tested though.