andreess@mrlaxs.mrl.uiuc.edu (Marc Andreessen) (04/17/91)
Okay, I warned you in the subject header, but here it comes... I've been seriously programming under Unix for a little over a year (i.e. I'm an undergrad), and I'm moderately familiar with most aspects of the system. However, I discovered something by accident the other day that really has me wondering. Basically, I stumbled on a ridiculously easy way to forge mail from anyone to anyone on any machine (I've tested this on Ultrix 4.1, AIX 3.1, BSD Tahoe, etc) without superuser privs. I'm aware many implementations of Unix have many security holes, but this seems fairly major, and also appears to be there by design. I'm sure half of you know what I'm talking about already, so there's no need to go into detail. However, what I'm wondering is - why isn't this more widely known? Why have I never heard about it? This makes Unix mail completely untrustworthy; why isn't this more secure? Marc -- Marc Andreessen___________University of Illinois Materials Research Laboratory Internet: andreessen@uimrl7.mrl.uiuc.edu____________Bitnet: andreessen@uiucmrl