Path: utzoo!attcan!uunet!samsung!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!dkuug!iesd!iesd.auc.dk!amanda
From: amanda@iesd.auc.dk (Per Abrahamsen)
Newsgroups: comp.sources.d
Subject: Bug in movemail?  (Was: rms says...)
Message-ID: <AMANDA.91Feb12104356@thiele.iesd.auc.dk>
Date: 12 Feb 91 10:43:56 GMT
References: <27A6E9BA.2E94@tct.uucp> <1991Feb5.011604.3849@NCoast.ORG>
	<7436@crash.cts.com> <1991Feb12.011943.14151@NCoast.ORG>
Sender: news@iesd.auc.dk
Followup-To: comp.sources.d
Organization: HUGIN Expert A/S
Lines: 12
In-reply-to: allbery@NCoast.ORG's message of 12 Feb 91 01:19:43 GMT


>>>>> On 12 Feb 91 01:19:43 GMT, allbery@NCoast.ORG (Brandon S.
>>>>> Allbery KB8JRR) said: 

Brandon> ... the bug in /etc/movemail (rms can call it whatever he
Brandon> wants, in a real world system which *needs* security it's a
Brandon> bug) ...

Any system with an administrator who makes random programs from the
net suid root has very large security problems indeed.  Do you really
think it is possible for a programmer to guess every possible stupid
action of such a system administrator?