Re: elm filter program

From: Bill Pemberton (wfp5pat_private)
Date: Mon Sep 13 1999 - 05:44:00 PDT

Next message: Solar Designer: "Linux 2.2.12 mini-audit"

Previous message: Job de Haas: "Vulnerability in dtaction"
Maybe in reply to: Cornelius Krasel: "elm filter program"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Cornelius Krasel writes:
>
> "filter" is inherently unsafe. A bug has been described in 1995 which
> allows reading email of anybody on the system. The description can be
> found in the BugTraq archives, I believe. I include the full message
> below. While it was written in 1995, it still works with the filter
> version of Elm 2.4ME+ PL35 (25) which is from 1997. (I don't know
> whether there are any more recent elm versions.)
>

Elm 2.4ME+ PL35 is not the official version of elm.  The official
version of elm is 2.5.2 and does not include the filter program.

--
Bill Pemberton  (Elm Coordinator)              wfp5pat_private
ITC/Unix Systems                               flashat_private
University of Virginia

Next message: Solar Designer: "Linux 2.2.12 mini-audit"
Previous message: Job de Haas: "Vulnerability in dtaction"
Maybe in reply to: Cornelius Krasel: "elm filter program"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:16 PDT