Path: utzoo!attcan!uunet!dev!dgis!jkrueger
From: jkrueger@dgis.dtic.dla.mil (Jon)
Newsgroups: comp.emacs
Subject: Re: Gnu Emacs security hole?
Message-ID: <776@dgis.dtic.dla.mil>
Date: 27 Feb 90 14:10:59 GMT
References: <10022@leadsv.UUCP> <332@venice.SEDD.TRW.COM>
Organization: Defense Technical Information Center (DTIC), Alexandria VA
Lines: 18

From article <10022@leadsv.UUCP>, by tn@leadsv.UUCP (Tristan Nefzger):
>> Some time ago a review of Clifford Stoll's book appeared in EE Times
>> (11/6/89). Mentioned was a bug in Gnu Emacs which "allows a file to
>> be moved into the protected systems space." Do you know of any
>> security holes in Gnu Emacs and what versions they are in?

This is a common canard. The facts are that GNU Emacs comes with
a program called movemail, which some people installed setuid root,
without sanction from the install instructions or common sense.
That this is exploitable and was exploited should surprise no one
who is qualified to perform UNIX system administration. That this
was caused by "a bug in GNU Emacs" is a rumor without basis in fact.

-- Jon
-- 
Jonathan Krueger    jkrueger@dtic.dla.mil    uunet!dgis!jkrueger
The Philip Morris Companies, Inc: without question the strongest
and best argument for an anti-flag-waving amendment.