Subject: Re: [ local root compromise in openbsd
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 04/13/2002 04:36:05
On Sat, 13 Apr 2002, Chris Pinnock wrote:

> On Thu, Apr 11, 2002 at 02:54:49PM -0400, Steven M. Bellovin wrote:
> > This is a *really* old attack -- does it really still work?  My very

> Comparing the recent OpenBSD patch to our source tree, it looks like we
> caught that attack a few years ago. I haven't tested though.

This issue was (re-)introduced in OpenBSD only around 14 months ago.
Before then (before 2.9), it didn't have that problem.

I am curious why Steven and Todd said this is an "old" bug.

Looking at OpenBSD back to beginning I don't see it. And looking at
src/usr.bin/mail/collect.c dated Apr. 18, 1991 from 386bsd-0.0, I don't
see the bug.

When was it originally fixed? (In the 80's?)

   Jeremy C. Reed