Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Andrew Hilborne <andrew.hilborne () uk xo com>
Date: 15 May 2001 14:15:45 +0100

Casper Dik <Casper.Dik () Sun COM> writes:

I'm not sure why all of the Solaris mail programs are actually set-gid 
mail.

If you strip set-gid mail from /usr/bin/mail,, /usr/bin/mailx, 
/usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
/usr/openwin/bin/mailtool nothing should break.

(At least not if you /var/mail directory has the standard 1777 permissions)

By forcing a file permission of 600 on mailboxes, group mail should not
gain you anything.

Just how do you force 0600 on mailboxes which don't exist (many MUAs remove
empty mailboxes?)

Since you cannot easily do this, at the very least a malicious user should be
able to steal other users' mail. I think.

--
Andrew Hilborne


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault