[UFO Chicago] WCLUG on Thursday, January 2

Jordan Bettis jordanb@hafd.org
Mon, 6 Jan 2003 09:15:24 -0600 (CST)

GAR Squirrelmail, here's what was supposed to be said:

Crow Leader said:
> Sorry sir, but it is you who don't "get it."
> Get back to playing uber-coder on your broken code base, maybe you too
> can create a version of man that results in a root compromise.

The man-db exploit was not a root compromise (on debian at least), it was
a user 'man' compromise. It allowed you to modify files owned by the 'man'
user, which is to say the man-db cache. It's called "seperation of

Nice try though.

By the way, I find it funny that you're complaining about free software
security when your MUA is the single biggest and most costly threat to
computer security in the history of the internet.

Jordan Bettis <http://www.hafd.org/~jordanb>
This message has been written using my webmail system.