mailing list archives
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 25 Sep 1995 18:32:05 +0100
I wonder if there is any element of protection by having the sendmail
daemon running only on machines that have no user accounts (all passwd
entries have '*' for the passwd field, except for systems staff, of course)?
All other machines having sendmail NOT running as a daemon, and the SUID
bit turned off (because it doesn't do local delivery)...
No. The attak can be executed over the net. Since sendmail
runs as root in daemon mode, breakins can be made on systems w/o
user accoutns or whatnot.
I suspect that when the patch is out, it will be a libc patch, or at
least a new module to replace one in libc, not a patch to sendmail,
syslogd, or other utils... Thats how I am thinking of fixing it, if
the patch is not forthcoming soon... replacing the syslog.o module in
libc.a and libc.so.??? (so statically linked stuff subsequently built
won't be vulnerable, too)? I take it that Suns syslog() function doesn't
do anything undocumented and wierd...
Fixing libc.so will fix all dynamically linked programs.
Those of you who have a statically linked sendmail, will
need to relink it after upgrading libc.a (the static libc)