Hacker News new | ask | show | jobs
by cnst 2339 days ago
That's for pointing this out.

It is pretty ridiculous just how trivial and severe this is, indeed.

However, given the lower prevalence of OpenBSD, I'd be interested to know whether anyone has any data on whether this is being exploited in the wild.
1 comments
boring_twenties 2339 days ago
No data, but it only listens on localhost by default.
link
cnst 2337 days ago
Do you think anyone who changes the default also changes the delivery to Maildir?

(So, at a minimum, it's a local user privilege escalation, of any user to root, in the default install?)

link