[13574] in bugtraq
Re: majordomo 1.94.5 does not fix all vulnerabilities
daemon@ATHENA.MIT.EDU (Martin Mares)
Wed Jan 26 14:04:14 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000125225219.A693@albireo.ucw.cz>
Date: Tue, 25 Jan 2000 22:52:19 +0100
Reply-To: Martin Mares <mj@UCW.CZ>
From: Martin Mares <mj@UCW.CZ>
X-To: Olaf Kirch <okir@CALDERA.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000125155609.D15450@monad.swb.de>; from okir@CALDERA.DE on
Tue, Jan 25, 2000 at 03:56:09PM +0100
Hello!
> If you think about it, this makes daemon and majordomo accounts
> interchangeable. If I break daemon, I can become majordomo because of
> all the holes in it. If I can become majordomo, I can also become
> daemon--I just have to replace the wrapper program with my own binary
> (the majordomo directory is owned by majordomo in the default install).
Another possibility is to drop `wrapper' and use a mail queue management
daemon with a simple setuid utility for inserting new mail to the queue.
See ftp://atrey.karlin.mff.cuni.cz/pub/local/mj/net/usher-1.0.tar.gz
for details.
Have a nice fortnight
--
Martin `MJ' Mares <mj@ucw.cz> http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Anyone can build a fast CPU. The trick is to build a fast system." -- S. Cray
