[819] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Michael Brennen)
Mon Jun 17 10:28:28 1996

Date: Sun, 16 Jun 1996 22:13:17 -0500 (CDT)
From: Michael Brennen <mbrennen@fni.com>
To: Renegade <renegade@dnaco.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <31BF98CD.977ECC7@dnaco.net>

On Thu, 13 Jun 1996, Renegade wrote:

> 	I would have to agree.  But I would like to point out at least
> one thing that can be done for root mail security.  Many sendmail 
> implementations have a dangerous default setup that amounts to a line
> like this in the sendmail.cf file:
> 
> Mprog,          P=/bin/sh, F=lsDFMeu, S=10, R=20/40, D=$z:/,
> 
> 	Basically if a e-mail message begins like a sh shell script
> with a first line of:
> 
> #!/bin/sh

[...clip...]

8.7.* sendmails fix this, as well as some of the later 8.6 series. 
Another alternative is to install smrsh as the shell that executes
programs.  This allows a much tighter environment.  smrsh comes with the
8.7 distribution, though it is not really a formal part of sendmail.

   -- Michael

home help back first fref pref prev next nref lref last post