Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!cs.utexas.edu!uunet!mcsun!ukc!stl!stc!tcom!pete
From: pete@tcom.stc.co.uk (Peter Kendell)
Newsgroups: comp.mail.elm
Subject: Re: ** Serious Elm security hole + FIX **
Message-ID: <126@sneezy.tcom.stc.co.uk>
Date: 22 Oct 89 11:42:24 GMT
References: <1726@ruuinf.cs.ruu.nl>
Organization: STC Telecoms Ltd., New Southgate, London, United Kingdom
Lines: 17

From article <1726@ruuinf.cs.ruu.nl>, by edwin@praxis.cs.ruu.nl (Edwin Kremer):
> Yesterday I discovered a nasty hole in the Elm security that would
> let anybody read no matter whose mailbox. This behaviour only occurs
> if you're running a Elm version that is SGID to e.g. group "mail".
> 

	Whoops! This also happens with DRS/NX (ICL version of SVR2)
	using smail and binmail.

	Time for patch 12, I suspect.


-- 
----------------------------------------------------------------------------
|		  Peter Kendell <pete@tcom.stc.co.uk>	        	   |
|				...{uunet!}mcvax!ukc!stc!pete		   |
----------------------------------------------------------------------------