[16228] in bugtraq
Re: reporting local security problems (was: for WinNT)
daemon@ATHENA.MIT.EDU (Claus Assmann)
Mon Aug 14 14:47:42 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <20000811202318.A18196@zardoc.endmail.org>
Date:         Fri, 11 Aug 2000 20:23:18 -0700
Reply-To: Claus Assmann <ca+bugtraq@ZARDOC.ENDMAIL.ORG>
From: Claus Assmann <ca+bugtraq@ZARDOC.ENDMAIL.ORG>
X-To:         der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200008111628.MAA16162@Twig.Rodents.Montreal.QC.CA>; from
              mouse@RODENTS.MONTREAL.QC.CA on Fri, Aug 11,
              2000 at 12:28:46PM -0400

On Fri, Aug 11, 2000, der Mouse wrote:
> Unfortunately it also finds non-problems too.  I have a system on which
> the directories in the path leading to the aliases files are
> group-writeable, by design.  (The system has all of two users, both of
> whom are trusted.)  Sendmail kvetches about this every time I run
> newaliases - I consider it broken for it to arrogate to itself the
> right to tell me how my system should be set up, or that something like
> this is a problem, and if it refused to run, or if it complained more
> often or more verbosely, I would fix it (or, perhaps, switch).

sendmail allows you to override most of its safety checks.
See doc/op/op.{me,ps}, look for
      DontBlameSendmail=option,option,...
                    DontWarnForwardFileInUnsafeDirPath
                    ForwardFileInUnsafeDirPath
                    ForwardFileInUnsafeDirPathSafe
                    ForwardFileInGroupWritableDirPath
                    GroupWritableForwardFileSafe
and many more...

sendmail has just been blamed too often for misconfigured systems
("My /etc is world writable and now someone got root access using
sendmail"); that's why all of these checks are in there.
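
The kind of directory-path check discussed in this thread, as an added example that is not part of the original message and is not sendmail's own code: it walks from a file's directory up to / and reports every group- or world-writable component. The function names are hypothetical, and the check is simplified (it ignores ownership, symlinks and the sticky bit).

```shell
#!/bin/sh
# Added example: find the directories on the path to a file (for instance an
# aliases file) that are group- or world-writable, i.e. the condition that
# the DontBlameSendmail options above tell sendmail to tolerate.
# Simplified illustration; not sendmail's actual file-safety logic.

# classify_dir DIR -> prints "world", "group" or "ok" from the mode bits.
classify_dir() {
    if [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]; then
        echo world
    elif [ -n "$(find "$1" -prune -perm -0020 -print 2>/dev/null)" ]; then
        echo group
    else
        echo ok
    fi
}

# audit_path FILE -> prints "<class> <dir>" for each unsafe directory between
# FILE and /. Returns 0 if the path is clean, 1 if anything was reported,
# 2 if the file's directory cannot be resolved.
audit_path() {
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 2
    found=0
    while :; do
        class=$(classify_dir "$dir")
        if [ "$class" != ok ]; then
            echo "$class $dir"
            found=1
        fi
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$found"
}

# Usage (the path is an example; aliases file locations vary by system):
#   audit_path /etc/mail/aliases
```

A "group" line is the case der Mouse describes as intentional on his system; a "world" line is the "/etc is world writable" case the checks were added for.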