Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Security problem in C news and INN
From: henry () zoo toronto edu (Henry Spencer)
Date: Fri, 25 Feb 1994 13:08:17 -0500 (EST)

in the performance release of C-news both /bin & /usr/bin precede
/usr/ucb in the default path - so /bin/mail should be called rather than
ucbMail (at least on SunOs 4 ) - so where is the problem ?

Unfortunately, there are systems where /bin/mail is just a synonym for
/usr/ucb/mail or what have you.  The bright boys who did this evidently
didn't notice that the semantics weren't the same.  It is *thoroughly*
brain-dead for the ~ escapes to be recognized in a non-interactive
situation.  Unfortunately, there are some brain-dead people building
and shipping systems...  (Plus some sensible people who just don't look
carefully enough before they leap...)

                                         Henry Spencer at U of Toronto Zoology
                                          henry () zoo toronto edu   utzoo!henry

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]