[11710] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Root shell vixie cron exploit

daemon@ATHENA.MIT.EDU (Christos Zoulas)
Tue Sep 7 11:39:35 1999

Message-Id:  <199909040142.VAA28018@hrothgar.gw.com>
Date:         Fri, 3 Sep 1999 21:42:22 -0400
Reply-To: Christos Zoulas <christos@ZOULAS.COM>
From: Christos Zoulas <christos@ZOULAS.COM>
X-To:         Seva Gluschenko <gvs@RINET.RU>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSF.4.10.9909012102410.31140-100000@diggy.rinet.ru> from
              Seva Gluschenko (Sep  1,  9:08pm)

On Sep 1,  9:08pm, gvs@RINET.RU (Seva Gluschenko) wrote:
-- Subject: Re: Root shell vixie cron exploit

| The following address has permanent fatal errors:
| -C/tmp/vixie-cf gvs
|
| So, sendmail _really_ refuses to accept -C key when run as root

You've reached the wrong conclusion. *BSD's cron uses -t and passes
recipients through stdin (which is TRT), instead of kluges to parse
MAILTO and ignore things that start with -.

christos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[11710] in bugtraq

Re: Root shell vixie cron exploit

daemon@ATHENA.MIT.EDU (Christos Zoulas)Tue Sep 7 11:39:35 1999

daemon@ATHENA.MIT.EDU (Christos Zoulas)
Tue Sep 7 11:39:35 1999