jkp@cs.HUT.FI (Jyrki Kuoppala) (05/01/91)
>You remind me of the people who say (without knowing, of course) that >sendmail's debug hole was widely known before RTM made a fool of >himself. Does it make you feel wizardly to pretend that you know what >you're talking about? For the record, I also don't believe that the sendmail debug feature was 'widely known', whatever that means. But I personally ran into it independently, examining the SMTP protocol, and then noticed that strange things begin to happen after the (undocumented, I think, at least I found it by chance) debug command was given. This was some time before the Internet worm episode. And no, I didn't publicize it widely, just discussed it with a few friends of mine and the local administrators. Back then, I didn't know of a good way to communicate such holes and probably didn't even think anyone would be that interested in it. Don't know, perhaps if I had posted it to a newsgroup back then the worm episode wouldn't have happened. Not that I say it would have been good or bad. //Jyrki