[ranguski]

Damn, this is amazing. Even as bare access goes. Find is indeed a severity red, unsure who is gonna patch up mailutils

[joeyh]

I'm going to guess "noone". This is not the first security hole like this caused by piping to mail. See CVE-2000-0703, a trivial local root via suidperl. Unfortunately backwards compatability often wins over prevention of future security holes.