From:	SMTP%"Leonard@Arizona.EDU" 13-APR-1994 13:09:32.77
To:	EVERHART
CC:	
Subj:	Security update breaks MAILSHR `@' patch

From: leonard@telcom.arizona.edu (Aaron Leonard)
X-Newsgroups: comp.os.vms,vmsnet.mail.misc
Subject: Security update breaks MAILSHR `@' patch
Date: 12 Apr 1994 18:12:53 GMT
Organization: University of Arizona Telecommunications
Lines: 24
Sender: leonard@Rena.Telcom.Arizona.EDU (Aaron Leonard)
Distribution: world
Message-Id: <2oeob5$qk8@auggie.CCIT.Arizona.EDU>
Reply-To: Leonard@Arizona.EDU
Nntp-Posting-Host: rena.telcom.arizona.edu
X-Newsreader: mxrn 6.18-6
To: Info-VAX@CRVAX.SRI.COM
X-Gateway-Source-Info: USENET


We recently applied the jumbo mandatory security update to
our VMS V5.5-2 system, and it killed our Barbe-patched MAILSHR
(the one that lets you enter Internet mail addresses as 
user@hostname   instead of   mumble%"user@hostname".)

If we try to use the old Barbe-patched stock 5.5-2 MAILSHR, it
ACCVIOs.  

I applied the 5.5-2 patch to the new MAILSHR.EXE  (version X-5A1B1, 
link date 17-JAN-1994).  The patch seemed to go in like Flynn - 
all the expected code locations were just as they were in 5.5-2 -
but the patched image behaves just like the unpatched image: the
mail parses barfs on an `@' address with %MAIL-E-USERSPEC - almost
as though it had skipped around the Barbe code.

Has anyone managed to hack a security-updated 5.5-2 system into
accepting the `@' patch?

Aaron

Aaron Leonard (AL104), <Leonard@Arizona.EDU>
University of Arizona Network Operations, Tucson AZ 85721
  \ Don't lock yourself into open systems. /