Subject: Re: [ local root compromise in openbsd 3.0 and below]
To: Jeremy C. Reed <>
From: Steven M. Bellovin <>
List: tech-security
Date: 04/13/2002 08:50:13
In message <>, "
Jeremy C. Reed" writes:

>I am curious why Steven and Todd said this is an "old" bug.
>Looking at OpenBSD back to beginning I don't see it. And looking at
>src/usr.bin/mail/collect.c dated Apr. 18, 1991 from 386bsd-0.0, I don't
>see the bug.
>When was it originally fixed? (In the 80's?)

That sounds about right...

		--Steve Bellovin,
		Full text of "Firewalls" book now at