Xref: utzoo comp.emacs:8916 gnu.emacs:3565
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!ncs.dnd.ca!ncs.dnd.ca!jstewart
From: jstewart@ncs.dnd.ca (John Stewart)
Newsgroups: comp.emacs,gnu.emacs
Subject: (Summary) EMACS Security Hole.
Message-ID: <1990Aug21.121958.22139@ncs.dnd.ca>
Date: 21 Aug 90 12:19:58 GMT
Sender: jstewart@ncs.dnd.ca (John Stewart)
Distribution: na
Organization: Dept of National Defence
Lines: 22

Thanks to the many who responded to my request concerning the "EMACS
security hole in Clifford Stoll's book".

I have received many replies, but the one below sums it up the best 
of all.


   From: tale@turing.cs.rpi.edu (David C Lawrence)
   
   You should look at it more as a bug with the administrators and not
   with Emacs.  Regardless, the thing that caused it wasn't in Emacs
   proper (that is, to exploit it you didn't even have to run Emacs) but
   was in a client programme, movemail, which was never designed to be
   secure to be setuid root.  The installation instructions also did not
   say to put it in that way.
   
   Despite all of this, mostly because of how many times people did it,
   movemail was made to be safe for setuid in GNU Emacs 18.54.
  
John Stewart
jstewart@ncs.dnd.ca