From owner-freebsd-security  Mon Jun 10 07:04:12 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA15419
          for security-outgoing; Mon, 10 Jun 1996 07:04:12 -0700 (PDT)
Received: from gatekeeper.fsl.noaa.gov (gatekeeper.fsl.noaa.gov [137.75.131.181])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA15407
          for <freebsd-security@FreeBSD.ORG>; Mon, 10 Jun 1996 07:04:09 -0700 (PDT)
Received: from emu.fsl.noaa.gov (kelly@emu.fsl.noaa.gov [137.75.60.32]) by gatekeeper.fsl.noaa.gov (8.7.5/8.7.3) with ESMTP id OAA04858; Mon, 10 Jun 1996 14:04:02 GMT
Message-Id: <199606101404.OAA04858@gatekeeper.fsl.noaa.gov>
Received: by emu.fsl.noaa.gov
	(1.40.112.3/16.2) id AA207755442; Mon, 10 Jun 1996 08:04:02 -0600
Date: Mon, 10 Jun 1996 08:04:02 -0600
From: Sean Kelly <kelly@fsl.noaa.gov>
To: angio@aros.net
Cc: taob@io.org, freebsd-security@FreeBSD.ORG
In-Reply-To: <199606100600.AAA09517@terra.aros.net> (message from Dave
	Andersen on Mon, 10 Jun 1996 00:00:56 -0600 (MDT))
Subject: Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue?
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>>>>> "Dave" == Dave Andersen <angio@aros.net> writes:

    Dave>    Or, get creative.  You could really wreak havoc with the
    Dave> files that already existed in that directory if you felt
    Dave> like it.  Garbaging people's email, appending the output of
    Dave> 'fortune' 500 times to your largest client, etc.

Or appending the output of `fortune' 500 times to your Fortune 500
clients!  :-)

(Well, they were just asking for it, right?)

-- 
Sean Kelly                          
NOAA Forecast Systems Laboratory    kelly@fsl.noaa.gov
Boulder Colorado USA                http://www-sdd.fsl.noaa.gov/~kelly/