[819] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Michael Brennen)
Mon Jun 17 10:28:28 1996
Date: Sun, 16 Jun 1996 22:13:17 -0500 (CDT)
From: Michael Brennen <mbrennen@fni.com>
To: Renegade <renegade@dnaco.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <31BF98CD.977ECC7@dnaco.net>
On Thu, 13 Jun 1996, Renegade wrote:
> I would have to agree. But I would like to point out at least
> one thing that can be done for root mail security. Many sendmail
> implementations have a dangerous default setup that amounts to a line
> like this in the sendmail.cf file:
>
> Mprog, P=/bin/sh, F=lsDFMeu, S=10, R=20/40, D=$z:/,
>
> Basically if a e-mail message begins like a sh shell script
> with a first line of:
>
> #!/bin/sh
[...clip...]
8.7.* sendmails fix this, as well as some of the later 8.6 series.
Another alternative is to install smrsh as the shell that executes
programs. This allows a much tighter environment. smrsh comes with the
8.7 distribution, though it is not really a formal part of sendmail.
-- Michael