Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: From the moderator: READ Please
From: smb () research att com (smb () research att com)
Date: Mon, 22 May 95 14:13:02 EDT


         1) Some new releases of sendmail install the program as group kmem.

         I can't see any good reason for this, if I'm wrong please
         correct me. This group is dangerous, because it is able to
         read the kernel and physical memory.  I was able to get a
         shell as group kmem via the old ident bug, and to find some
         fragments of the shadow passwords file in the kernel memory.
         Newer bug s may give the same opportunity.

Sendmail tries to determine the load average of the machine; on some
platforms, the only way to do that is by reading /dev/kmem.  That doesn't
change the fact that it's stupid to give sendmail that much power.  (On
the other hand, it's already setuid root; what does yet one more
privilege matter....?)



  By Date           By Thread  

Current thread:
  • Re: From the moderator: READ Please smb () research att com (May 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]