[942] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] sendmail security i

daemon@ATHENA.MIT.EDU (Miller, Raul D.)
Tue Jul 23 04:56:15 1996

From: "Miller, Raul D." <RDMiller@legislate.com>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 22 Jul 96 11:48:00 PDT

Raul Miller wrote;
>>If this ever crosses uid boundaries, it should be treated as just another 
>>mail message and go through all the standard mechanisms for handling mail 
>>messages.

Jesse Pollard wrote:
>Unfortunately this will waste a LOT of time:
>    sendmail -> 0.delivery (gets 4 forwarding addresses)
....
> And each of these sendmail processes must do a delivery. Guess what happens 
>if one of these forwarded addresses includes an address of the first delivery
>(0.delivery). Infinite recursion.

An alternative would be to put sufficient information in the headers to 
detect the loop.  

An example of a mailer which performs at least as well as sendmail, and 
doesn't have sendmail's security problems exists at 
ftp://koobera.math.uic.edu/pub/software/

The most recent version is qmail-0.76.tar.gz

It's still in beta, but several CERT announcements have gone out on sendmail 
(and analogous mailers, such as smail) and in each case qmail has not 
exhibitted the problem.  (qmail is coded very defensively).  The reason it's 
still in beta has to do with large scale deployment issues -- administration, 
list management, backwards compatability with (a minimal set of) sendmail 
features.

Anyways, the point is that there's no design issue that prevents an efficient 
implementation of a mail transport agent which hands off mail at each uid 
boundary.

Jesse Pollard wrote:
>The approach outlined is also a major performance hog. Sendmail is an
>intelligent (well... relatively) delivery and does analysis to reduce system
>overhead and avoid delivering the same message multiple times.

I don't think that sendmail has made the right design tradeoffs.

-- 
Raul

home help back first fref pref prev next nref lref last post