Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Vulnerability in HP OpenMail
From: richi () HP COM (Richi Jennings)
Date: Thu, 23 Apr 1998 14:31:07 +0100

dej wrote...

The good news is that mail users have their own Unix UIDs on the server.
The real problem is situations where the sysadmin has denied users regular
login access to the mail server, possibly by putting "*" in the password
field.  This is standard practice as a security measure.  If you have done
this on your OpenMail server, then you may want to check your security
measures carefully - your users can get the equivalent of shell whether you
allow it or not.

This is a generic issue with any program that permits shell escapes.  It is
generally-accepted good practice to set up UNIX users with an
appropriately-configured restricted shell.  Relying on a '*' in the password
field is not sufficient--that only means "deny logon", not "deny arbitrary
shell command."

For even tighter security, the shell can be reset to /bin/true , but that would
not of course allow a user to call lp.

OpenMail administrators can also look into the OpenMail "print server"
functionality, particularly the documentation on the general.cfg setting
UAL_PRINT_SERVER_ONLY in the OpenMail Technical Guide.


 Richi Jennings <richi () hp com>        Phone: +44 (0)1344-365870 or HPT316-5870
 OpenMail Outbound & Technical        Pager: richi-beep () pwd hp com
 HP Communications Software Oper. UK  http://www.hp.com/go/openmail

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]