Path: utzoo!attcan!uunet!ginosko!brutus.cs.uiuc.edu!apple!bionet!ames!amelia!sun217!truesdel
From: truesdel@sun217..nas.nasa.gov (David A. Truesdel)
Newsgroups: comp.unix.wizards
Subject: Re: sendmail/ftpd security-holes raise their ugly heads again...
Message-ID: <3247@amelia.nas.nasa.gov>
Date: 27 Sep 89 18:51:35 GMT
References: <21@minya.UUCP> <19837@mimsy.UUCP>
Sender: news@amelia.nas.nasa.gov
Lines: 9

It should be noted that the mere presense of the debug mode IS NOT a security
hole, the ability to address mail to an arbitrary shell (with the aid of
"debug") IS.

Before ragging on your unnamed vendor, you should check to see if the security
hole really is present.
-dave truesdell (truesdel@prandtl.nas.nasa.gov)

"When in doubt, use brute force."