mjb@acd4.UUCP ( Mike Bryan ) (09/09/89)
Hmmm. The latest issue of "UNIX Today!" (September 4, 1989) has an
article regarding a West Germany computer espionage ring. Within the
article, the following text appeared ("Stoll" is one of the guys
involved in monitoring the breakins):
"We captured all of his keystrokes on a printer and saw how he
used a subtle bug in the GNU-Emacs text editor to obtain
system manager privileges," Stoll wrote in a report for the
Communications of the ACM.
Ok, does anyone know the details of this "subtle bug"? Has it been
fixed in a recent release? Also, does anyone know which issue of the
CACM contains the original report? Apologies if this has been
discussed here before, but I've just started reading this group.
--
Mike Bryan, Applied Computing Devices, 100 N Campus Dr, Terre Haute IN 47802
Phone: 812/232-6051 FAX: 812/231-5280 Home: 812/232-0815
UUCP: uunet!acd4!mjb ARPA: acd4!mjb@uunet.uu.net
"Did you make mankind after we made you?" --- XTC, "Dear God"rms@AI.MIT.EDU (09/09/89)
There never was a bug in Emacs. Someone at Stoll's site installed movemail with setuid to root, something that movemail was not (at that time) designed to handle. (It is now.)