Re: BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)

[Dan Harkless <dan-bugtraq () DILVISH SPEED NET>]

Chris Sharp <v9 () FAKEHALO ORG> writes:
> well, i dont know if rcvtty is suppost to be
> setgid in general, since ive never seen it setgid
> on anything but BSDi 3.0 and 4.0.  but
> none-the-less, here is a exploit i wrote for it:

In nmh (mh's actively-maintained descendant), at least, rcvtty is not
installed setgid.  Not sure if there's a BSD port of nmh that makes it so,
though.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.