Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!rpi!crdgw1!ge-dab!peora!tarpit!myoho!alfred!elliot
From: elliot@alfred.UUCP (Elliot Dierksen)
Newsgroups: comp.mail.elm
Subject: Re: ** Serious Elm security hole + FIX **
Summary: another system to add to fix list
Message-ID: <457@alfred.UUCP>
Date: 22 Oct 89 22:17:37 GMT
References: <1726@ruuinf.cs.ruu.nl> <126@sneezy.tcom.stc.co.uk>
Organization: Semi-private 3B1 - Orlando, FL
Lines: 18

In article <126@sneezy.tcom.stc.co.uk>, pete@tcom.stc.co.uk (Peter Kendell) writes:
> From article <1726@ruuinf.cs.ruu.nl>, by edwin@praxis.cs.ruu.nl (Edwin Kremer):
> > Yesterday I discovered a nasty hole in the Elm security that would
> > let anybody read no matter whose mailbox. This behaviour only occurs
> > if you're running a Elm version that is SGID to e.g. group "mail".
> > 

Well, I hate to be a pain but you can also AT&T 3B2 & 7300 to the list of
systems that exhibit this problem.... 

I must say, I think elm is an excellent product, but I hope to see a patch
VERY soon to resolve this!!!!

-- 
Elliot Dierksen                 Home: {peora,ucf-cs,uunet}!tarpit!alfred!elliot
                                Work: {att,codas}!candi!ralph!ebd

"My Cow died, so I don't need your Bull any more!"