[UFO Chicago] WCLUG on Thursday, January 2

Jordan Bettis jordanb@hafd.org
Mon, 6 Jan 2003 09:15:24 -0600 (CST)


GAR Squirrelmail, here's what was supposed to be said:

Crow Leader said:
> Sorry sir, but it is you who don't "get it."
>
> Get back to playing uber-coder on your broken code base, maybe you too
> can create a version of man that results in a root compromise.

The man-db exploit was not a root compromise (on debian at least), it was
a user 'man' compromise. It allowed you to modify files owned by the 'man'
user, which is to say the man-db cache. It's called "seperation of
privlages".

Nice try though.

By the way, I find it funny that you're complaining about free software
security when your MUA is the single biggest and most costly threat to
computer security in the history of the internet.

-- 
Jordan Bettis <http://www.hafd.org/~jordanb>
This message has been written using my webmail system.