Re: Crackers and Worms

Chris Torek (
11 Nov 88 23:21:12 GMT

>In article <44440@beno.seismo.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) notes:
>>I have not been able to find ONE person who claims to
>>have known that sendmail compiled with DEBUG on would have allowed
>>anyone with SMTP access to run an arbitrary program on their machine.

In article <4992@polya.Stanford.EDU> shap@polya.Stanford.EDU
(Jonathan S. Shapiro) replies:
>Okay. Here it goes. I knew as early as 1984 or 1985 that this
>misfeature existed, and that it got you a root-shell, which certainly
>means you can run an arbitrary program on a remote machine.

Actually, you get a `daemon' shell---not as bad, but, as Keith put it,
`not my idea of a good time'.

>What's more, I reported this problem to DEC, Sun, and Berkeley at the

Keith Bostic searched Berkeley's bug log for everything relating to
sendmail. This bug was NOT in the log, which means it was not received
at at

If you send a bug report to and do not get a
reply from `Bugs Bunny', your mail may have been lost; please re-send the
message. Better to get duplicates than none.

In-Real-Life: Chris Torek, Univ	of MD Comp Sci Dept (+1	301 454	7163)
Domain:	Path:	uunet!mimsy!chris

This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:30 GMT