Chris Torek (email@example.com)
11 Nov 88 23:21:12 GMT
>In article <firstname.lastname@example.org.CSS.GOV> rick@seismo.CSS.GOV (Rick Adams) notes:
>>I have not been able to find ONE person who claims to
>>have known that sendmail compiled with DEBUG on would have allowed
>>anyone with SMTP access to run an arbitrary program on their machine.
In article <4992@polya.Stanford.EDU> shap@polya.Stanford.EDU
(Jonathan S. Shapiro) replies:
>Okay. Here it goes. I knew as early as 1984 or 1985 that this
>misfeature existed, and that it got you a root-shell, which certainly
>means you can run an arbitrary program on a remote machine.
Actually, you get a `daemon' shell---not as bad, but, as Keith put it,
`not my idea of a good time'.
>What's more, I reported this problem to DEC, Sun, and Berkeley at the
Keith Bostic searched Berkeley's bug log for everything relating to
sendmail. This bug was NOT in the log, which means it was not received
at 4bsd-bugs@Berkeley.edu.
If you send a bug report to 4bsd-bugs@Berkeley.edu and do not get a
reply from `Bugs Bunny', your mail may have been lost; please re-send the
message. Better to get duplicates than none.
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: email@example.com Path: uunet!mimsy!chris