[20724] in bugtraq
Re: Mail delivery privileges (was: Solaris /usr/bin/mailx
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Sat May 19 21:28:44 2001
Message-Id: <200105191904.f4JJ4MG01889@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: woods@weird.com (Greg A. Woods)
Cc: wietse@porcupine.org (Wietse Venema), bugtraq@securityfocus.com
In-reply-to: Your message of "Fri, 18 May 2001 16:35:08 EDT."
<20010518203508.DCF0EC3@proven.weird.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 19 May 2001 12:03:26 -0700
In message <20010518203508.DCF0EC3@proven.weird.com>, Greg A. Woods
writes:
> [ On Friday, May 18, 2001 at 11:18:51 (-0400), Wietse Venema wrote: ]
> > 3 - User-specified shell commands. Traditionally, a user can specify
> > any shell command in ~user/.forward, and that command will execute
> > with the privileges of that user. This requires SUPER-USER privileges
> > in the mail delivery software itself or in mail helper software.
>
> Oh, OK, you've got me on that one! ;-)
>
> I was trying very carefully to avoid that particular pit of snakes, but
> I suppose I should have known it was inevitable that someone would find
> me out eventually!
A small helper program to handle shell command .forward files would be
a lot more secure than an MTA performing the deed. It's not a perfect
solution but is a lot better than what we've got now for the simple
reason that a smaller program is easier to audit and thus generally
more secure than a larger more complex program.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
