From owner-freebsd-security Fri Apr 12 12:23:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from borja.sarenet.es (borja.sarenet.es [192.148.167.77]) by hub.freebsd.org (Postfix) with ESMTP id A27B137B404 for ; Fri, 12 Apr 2002 12:23:51 -0700 (PDT) Received: from there (localhost [127.0.0.1]) by borja.sarenet.es (8.11.6/8.11.6) with SMTP id g3CJNo265626 for ; Fri, 12 Apr 2002 21:23:50 +0200 (CEST) (envelope-from borjamar@sarenet.es) Message-Id: <200204121923.g3CJNo265626@borja.sarenet.es> Content-Type: text/plain; charset="iso-8859-1" From: Borja Marcos To: security@freebsd.org Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems Date: Fri, 12 Apr 2002 21:23:50 +0200 X-Mailer: KMail [version 1.3.2] References: <4.3.2.7.2.20020411141011.030a0b80@nospam.lariat.org> <4.3.2.7.2.20020411235129.00ba5bc0@nospam.lariat.org> <200204121920.g3CJKV265588@borja.sarenet.es> In-Reply-To: <200204121920.g3CJKV265588@borja.sarenet.es> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Friday 12 April 2002 21:20, you wrote: > =09An a security problem with reverse fingers and TCP Wrapper (see Wiet= se > Venema's "Murphy's Laws and Computer Security") exploited exactly the s= ame. > As far as I know, that behavior was removed from mail programs; they on= ly > accept escape sequences (at least the ~!) when running from a terminal. =09Sorry, I meant "was removed as a default behavior". I had not noticed = the=20 "-I" option in FreeBSD's /usr/bin/Mail. =09Borja. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message