Path: utzoo!telly!eci386!ecicrl!clewis
From: clewis@ferret.ocunix.on.ca (Chris Lewis)
Newsgroups: comp.sys.3b1
Subject: Re: 3b1 security and removal of ua
Keywords: ua security
Message-ID: <1395@ecicrl.ocunix.on.ca>
Date: 11 Apr 91 23:09:14 GMT
References: <375@unx-pc.UUCP> <927@jonlab.UUCP>
Organization: Elegant Communications Inc., Ottawa, Canada
Lines: 16

In article <927@jonlab.UUCP> jon@jonlab.UUCP (Jon H. LaBadie) writes:

>The recent discussion of security on the 3B1 (is that an oxymoron?)
>caused me to recall that I've never seen this particular hole posted.

It's worse than that - if you send mail to the root user, the user
on the console can break into root using the mail icon....

No compiler neccessary.

Ugh.
-- 
Chris Lewis, Phone: (613) 832-0541, Internet: clewis@ferret.ocunix.on.ca
UUCP: uunet!mitel!cunews!latour!ecicrl!clewis; Ferret Mailing List:
ferret-request@eci386; Psroff (not Adobe Transcript) enquiries:
psroff-request@eci386 or Canada 416-832-0541.  Psroff 3.0 in c.s.u soon!