ejp@ausmelb.OZ (Esmond Pitt) (06/09/87)
ELM appears to have a largish security hole. From the main menu try:

    c /usr/[spool/]mail/<user>

where <user> is somebody other than yourself. It lets me read their maildrop!

As there are too many patches flying round already, most of which undo previously correct patches, and as I have no solution, the solution is left as an exercise for the reader.

Also, tks to Dave Taylor for apparently moderating some patches (if the 'Approved: taylor@hplabs' on some recent postings means what it says), but that means we now have two elm 'minders'. The other one volunteered because Dave stated he'd be out of it ...

Can somebody please bring confusion out of this chaos?

--
Esmond Pitt, Austec International Ltd
...!seismo!munnari!ausmelb!ejp,ejp@ausmelb.oz.au
D
mkhaw@teknowledge-vaxc.ARPA (Michael Khaw) (06/09/87)
In article <1975@hplabsc.HP.COM> hplabs!seismo!munnari!mulga.oz!daemon (Esmond Pitt) writes:
>
>ELM appears to have a largish security hole. From the main menu try:
>
>    c /usr/[spool/]mail/<user>
>
>where <user> is somebody other than yourself. It lets me read their maildrop!

Our system does not allow this. For context:

    Ultrix 1.2 VAX, running sendmail.
    /usr/spool/mail/* files are mode 600, each owned by the (recipient) user
    Elm 1.5b

Mike Khaw
--
internet: mkhaw@teknowledge-vaxc.arpa
usenet: {hplabs|sun|ucbvax|decwrl|sri-unix}!mkhaw%teknowledge-vaxc.arpa
USnail: Teknowledge Inc, 1850 Embarcadero Rd, POB 10119, Palo Alto, CA 94303
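
An administrator's check for the spool configuration described in the reply above (maildrops readable only by their owner, each owned by the recipient), as an added example that is not part of the original thread. It goes slightly beyond "mode 600" by flagging any group or other permission bit; the function name audit_spool is hypothetical and GNU stat (-c) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a mail spool directory.
# Assumption: GNU coreutils stat, which supports -c '%a' and '%U'.

# audit_spool DIR
# Prints one "path: reason" line for every maildrop that grants access to
# group/other or is not owned by the user it is named after.
# Returns 0 if the spool is clean, 1 on any finding, 2 if DIR is unusable.
audit_spool() {
    spool=$1
    if [ ! -d "$spool" ]; then
        echo "audit_spool: $spool: not a directory" >&2
        return 2
    fi
    findings=0
    for f in "$spool"/*; do
        # An empty spool leaves the glob unexpanded; skip that case.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        # A symlink or special file in the spool is itself worth a look.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "$f: not a regular file"
            findings=1
            continue
        fi
        mode=$(stat -c '%a' "$f")    # octal permissions, e.g. 600
        owner=$(stat -c '%U' "$f")   # owning user name
        # Safe modes end in "00": no bits set for group or other.
        case $mode in
            0|*00) ;;
            *) echo "$f: mode $mode grants group/other access"
               findings=1 ;;
        esac
        # The maildrop file name is expected to be the recipient's login.
        if [ "$owner" != "$name" ]; then
            echo "$f: owned by $owner, expected $name"
            findings=1
        fi
    done
    return "$findings"
}

# Stand-alone use: sh audit_spool.sh /usr/spool/mail
if [ $# -gt 0 ]; then
    audit_spool "$1"
fi
```
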
daemon@hplabsc.UUCP (06/11/87)
> Also, tks to Dave Taylor for apparently moderating some patches
> (if the 'Approved: taylor@hplabs' on some recent postings means what it says),
> but that means we now have two elm 'minders'.
> The other one volunteered because Dave stated he'd be out of it ...
> Can somebody please bring confusion out of this chaos?

No, there's no real moderator. Dave probably isn't even reading these. The Approved: line is because this group is still marked as a moderated group, supposedly in the hope that someone will take over real moderation in the future. In the mean time, Dave apparently has mail going to the posting address filtered through something to clean up the headers and add the Approved: line.

[ If I'm wrong, you see, this posting will never go out! :-) ]

--
John Owens          Old Dominion University - Norfolk, Virginia, USA
john@ODU.EDU        old arpa: john%odu.edu@RELAY.CS.NET
+1 804 440 4529     old uucp: {seismo,harvard,sun,hoptoad}!xanth!john