Path: utzoo!attcan!uunet!husc6!mailrus!purdue!decwrl!ucbvax!OKEEFFE.BERKELEY.EDU!bostic
From: bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.protocols.tcp-ip
Subject: RE: Internet VIRUS alert
Message-ID: <8811052345.AA18501@okeeffe.Berkeley.EDU>
Date: 5 Nov 88 23:45:24 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 17

> I guess I am not that familiar with the Unix mail systems
> of the Sun and Vax.  Is this sendmail?

Yes.

> Does sendmail have the ability
> of receiving mail for a process?  If so, this is the biggest security
> hole I have heard about in a long time.

The problem is the implementation, not the concept.  Receiving mail
for a process is extremely useful.  Three examples, first, a daemon
program that automatically files bug reports.  Two, a program that
replies that you've gotten the mail, but aren't reading it because
you're on vacation.  Three, a program that takes mail and gateways
it to network news groups.

--keith