[7613] in bugtraq

Re: Sendmail up to 8.9.1 - mail.local introduces new class of

daemon@ATHENA.MIT.EDU (Brett Lymn)
Tue Aug 11 17:33:45 1998

Date: 	Tue, 11 Aug 1998 11:19:51 +0930
Reply-To: Brett Lymn <blymn@BAEA.COM.AU>
From: Brett Lymn <blymn@BAEA.COM.AU>
X-To:         jstott@POLY.PHYS.CWRU.EDU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199808101317.JAA04198@poly.phys.cwru.edu> from "Jonathan Stott"
              at Aug 10, 98 09:17:26 am

According to Jonathan Stott:
>
>A better fix would be to use procmail, or /bin/mail, or some other
>program for local mail delivery.
>

A lot of people have been recommending putting procmail in to perform
filtering of mail as an adjunct to sendmail.  I did a quick grep for
the notorious strc{at,py} commands in the procmail source and found
quite a few.  I have not analysed the code but people putting in
filters now to prevent the recent problems with MIME et al could be
(I said _could_be_) leaving themselves open for a more subtle exploit
later on via procmail overflows.

--
Brett Lymn, Computer Systems Administrator, British Aerospace Australia
===============================================================================
  And the monks would cry unto them, "Keep the bloody noise down!"
  - Mort, Terry Pratchett.
