Subject: Re: [firstname.lastname@example.org: local root compromise in openbsd
To: None <email@example.com>
From: Jeremy C. Reed <firstname.lastname@example.org>
Date: 04/13/2002 04:36:05
On Sat, 13 Apr 2002, Chris Pinnock wrote:
> On Thu, Apr 11, 2002 at 02:54:49PM -0400, Steven M. Bellovin wrote:
> > This is a *really* old attack -- does it really still work? My very
> Comparing the recent OpenBSD patch to our source tree, it looks like we
> caught that attack a few years ago. I haven't tested though.
This issue was (re-)introduced in OpenBSD only around 14 months ago.
Before then (before 2.9), it didn't have that problem.
I am curious why Steven and Todd said this is an "old" bug.
Looking at OpenBSD back to beginning I don't see it. And looking at
src/usr.bin/mail/collect.c dated Apr. 18, 1991 from 386bsd-0.0, I don't
see the bug.
When was it originally fixed? (In the 80's?)
Jeremy C. Reed