Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-lcc!lll-tis!ames!ucbcad!ucbvax!hplabs!hplabsc!daemon
From: ejp@ausmelb.OZ (Esmond Pitt)
Newsgroups: comp.mail.elm
Subject: ELM security hole
Message-ID: <1975@hplabsc.HP.COM>
Date: Tue, 9-Jun-87 06:25:01 EDT
Article-I.D.: hplabsc.1975
Posted: Tue Jun  9 06:25:01 1987
Date-Received: Fri, 12-Jun-87 01:45:33 EDT
Sender: daemon@hplabsc.HP.COM
Reply-To: hplabs!seismo!munnari!mulga.oz!daemon (Esmond Pitt)
Organization: Austec International Limited, Melbourne
Lines: 21
Approved: taylor@hplabs (with 'postmail')


ELM appears to have a largish security hole. From the main menu try:

	c /usr/[spool/]mail/<user>

where <user> is somebody other than yourself. It lets me read their maildrop!

As there are too many patches flying round already,
most of which undo previously correct patches,
and as I have no solution, the solution is left as an exercise for the reader.

Also, tks to Dave Taylor for apparently moderating some patches
(if the 'Approved: taylor@hplabs' on some recent postings means what it says),
but that means we now have two elm 'minders'.
The other one volunteered because Dave stated he'd be out of it ...
Can somebody please bring confusion out of this chaos?

-- 
Esmond Pitt, Austec International Ltd
...!seismo!munnari!ausmelb!ejp,ejp@ausmelb.oz.au
D