mailing list archives
Re: Security problem in C news and INN
From: casper () fwi uva nl (Casper Dik)
Date: Sat, 26 Feb 94 12:16:20 +0100
> in the performance release of C-news both /bin & /usr/bin precede
> /usr/ucb in the default path - so /bin/mail should be called rather than
> ucbMail (at least on SunOS 4) - so where is the problem?
The problem was originally discovered for INN. INN insists
on using /usr/ucb/mail (BSDish systems) or /usr/bin/mailx
(System V). Apart from the name, Mailx is identical to ucbmail.
Apart from installing the INN sec patch (it consists of
adding sed -e 's/^~/~~/' to the mail command in the 7 affected
scripts). Disabling control altogether isn't necessary.
Only control messages that generate mail to the news user
Another quick fix for INN is redefining the mailer program to
a script that does:
sed -e 's/^~/~~/' | /usr/bin/mailx "$@"
(Mailx should be replaced by /usr/ucb/mail if you have that)
The only tilde escapes I've seen so far have been signatures
with ~ boxes. One of these caused ``Unknown tilde escape''
in my logfiles, which made me suspicious.
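The wrapper-script workaround above, written out as an added example (this is not code from the post or from INN/C news): a shell function that doubles every leading tilde on stdin before handing the body and all original arguments to the mailer, plus a small check for lines that an unprotected ucb Mail/mailx would treat as tilde escapes. The MAILER variable, the function names and the sample control-message text are assumptions made for this example; the sample is constructed to include both an attacker-style "~!command" line and the harmless "~ box" signature mentioned above.

```sh
#!/bin/sh
# Added example, not part of the original post or of INN/C news.
#
# MAILER is an assumption for this example so the wrapper can be exercised
# with a stand-in such as cat; a real wrapper would hardcode /usr/bin/mailx
# (System V) or /usr/ucb/mail (BSD), as the post says.
MAILER="${MAILER:-/usr/bin/mailx}"

# safe_mail: escape leading tildes on every line of stdin, then pass the
# body and all original arguments (recipients, -s subject, ...) to $MAILER.
# This is the same sed the INN sec patch adds in front of the mail command.
safe_mail() {
    sed -e 's/^~/~~/' | "$MAILER" "$@"
}

# has_tilde_escape: exit 0 if any line of the raw text on stdin begins with
# a tilde, i.e. would be read as a tilde escape by an unprotected mailer.
# Handy for checking the text behind an "Unknown tilde escape" log entry.
has_tilde_escape() {
    grep -q '^~'
}

# sample_body: constructed control-message text for demonstration only.
# Line 2 is the dangerous case (a "~!" shell escape); line 4 is the benign
# signature-box case that the post says showed up in its logs.
sample_body() {
    printf '%s\n' \
        'cancel <1234@example.invalid>' \
        '~!/bin/sh -c "id > /tmp/tilde-demo"' \
        '-- ' \
        '~~~~ sig box ~~~~'
}

# escaped_body: run the sample through safe_mail with cat standing in for
# mailx, so the escaped text can be inspected instead of being sent.
escaped_body() {
    ( MAILER=cat; sample_body | safe_mail )
}
```

To use it with INN, point the mailer setting at a script whose body is the `sed ... | /usr/bin/mailx "$@"` line; the sed runs before the mailer ever sees the text, so "~!" becomes "~~!" and is delivered as a literal tilde rather than executed.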
Re: Security problem in C news and INN Rafi Sadowsky (Feb 25)