[828] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Mprog Thread

daemon@ATHENA.MIT.EDU (Renegade)
Wed Jun 19 14:44:27 1996

Date: Tue, 18 Jun 1996 23:23:23 -0400
From: Renegade <renegade@dnaco.net>
To: linux-security@tarsier.cv.nrao.edu

Let's end this Mprog thread.  What I saw happen with
a early 6.xx version of sendmail was a bug [as Rogier Wolff
has identified below], and not a property of the
Mprog configuration.  While it would be safer to disable
the Mprog [as we were advised to do in the past] the problem
is apparently fixed.  Mprog allows aliases, and .forward files to
transfer a mail message to a acutal program for processing.
As an example, Majordomo uses the /etc/alias file to forward
messages to Majordomo scripts.

        The original point I wanted to get across was
that it was safer to disable the Mprog line if possible.
I was slighty misinformed myself about the Mprog
functionality.  The other point was to alias all the
non-user accounts [and root] to the actual administrator
of the system.  I also use TCP wrappers with booby traps
for instant e-mail notification of an access attempts but
that is another can of worms.

        I had no intention of disseminating incorrect
information, and I apologize for sharing my misunderstanding
about Mprog.

        Dave



Rogier Wolff wrote:
>
>
> Ok. A bug in the 6.xx versions it was possible to send
> ------------------
> mail from: "|/usr/bin/tail |/bin/sh"
> rcpt to: no-such-user
> data
>
> here
> are
> exactly
> 10
> lines
> to
> execute
> as a
> shell
> script
> ------------------
> This could be fixed by disabeling mailing to programs altogether by
> deleting the Mprog line.
>
> Please be careful not to disseminate incorrect security information.
> Indeed it is a good idea to disable the Mprog line, but not because
> you can simply mail a shell script which will automatically get
> executed.
>
>                                         Roger.
>
--

// mailto:renegade@dnaco.net
// http://www.dnaco.net/~renegade/

home help back first fref pref prev next nref lref last post