Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Sat, 19 May 2001 12:03:26 -0700

In message <20010518203508.DCF0EC3 () proven weird com>, Greg A. Woods 
[ On Friday, May 18, 2001 at 11:18:51 (-0400), Wietse Venema wrote: ]
3 - User-specified shell commands. Traditionally, a user can specify
any shell command in ~user/.forward, and that command will execute
with the privileges of that user. This requires SUPER-USER privileges
in the mail delivery software itself or in mail helper software.

Oh, OK, you've got me on that one!  ;-)

I was trying very carefully to avoid that particular pit of snakes, but
I suppose I should have known it was inevitable that someone would find
me out eventually!

A small helper program to handle shell command .forward files would be 
a lot more secure than an MTA performing the deed.  It's not a perfect 
solution but is a lot better than what we've got now for the simple 
reason that a smaller program is easier to audit and thus generally 
more secure than a larger more complex program.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]