[843] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] standard users,groups,perms?

daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Mon Jun 24 14:58:35 1996

Date: Fri, 21 Jun 1996 19:52:52 -0400
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: linux-security@tarsier.cv.nrao.edu, renegade@dnaco.net

#!/bin/sh -c "echo 'BOOOOOOOM!'"

Oh, dear.

>	I would have to agree.  But I would like to point out at least
> one thing that can be done for root mail security.  Many sendmail 
> implementations have a dangerous default setup that amounts to a line
> like this in the sendmail.cf file:
> Mprog,          P=/bin/sh, F=lsDFMeu, S=10, R=20/40, D=$z:/,
>	Basically if a e-mail message begins like a sh shell script
> with a first line of:
> #!/bin/sh
>	The email will be executed as a shell script  (At the time
> it is read).  ...

Let's not get alarmist.  ("Run for your lives!  The Good Times virus is
real!")  If this were true, this mail message would have just echoed
"BOOOOOOOM!", and you would not be reading it.

The "prog" delivery agent tells what to do if 'sendmail' gets a mail
address in the form of "|filter" - in other words, a "pipe" symbol
(vertical bar) followed by a filter program name, to which the mail
message is passed as input.  On a properly configured system, this mail
address can't be received in the ordinary way, but only as an alias or
a forwarding address.  So, it must have been set up by somebody ON YOUR
SYSTEM - preferably, with some idea of what he or she was doing.  It
should never be something that could cause damage or denial of service
- although one of my workmates' use of elm's "filter" program came near
to denying HIM service.

Remember, OBTW, that sendmail is not even running when you read your
mail!!!  Sendmail is the mail transfer agent, which calls the mail
delivery agent (/bin/mail, /bin/sh, whatever).  Your 'mail', 'mailx',
'elm', 'pine', or PC junk is the mail reader.  If you are using Eudora,
e.g., from your PC, how can sendmail initiate a "BOOM"?

;-)

Joe Yao				jsdy@cais.com - Joseph S. D. Yao

home help back first fref pref prev next nref lref last post