[1878] in bugtraq


Re: From the moderator: READ Please

daemon@ATHENA.MIT.EDU (smb@research.att.com)
Mon May 22 15:56:43 1995

From: smb@research.att.com
To: Claudio Telmon <claudio@fire.di.unipi.it>
Cc: bugtraq@crimelab.com
Date: Mon, 22 May 95 14:13:02 EDT

	 1) Some new releases of sendmail install the program as group kmem.

	 I can't see any good reason for this, if I'm wrong please
	 correct me. This group is dangerous, because it is able to
	 read the kernel and physical memory.  I was able to get a
	 shell as group kmem via the old ident bug, and to find some
	 fragments of the shadow passwords file in the kernel memory.
	 Newer bugs may give the same opportunity.

Sendmail tries to determine the load average of the machine; on some
platforms, the only way to do that is by reading /dev/kmem.  That doesn't
change the fact that it's stupid to give sendmail that much power.  (On
the other hand, it's already setuid root; what does yet one more
privilege matter....?)
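
A defensive audit for the configuration discussed in this thread, as an added example that is not part of either message: it lists binaries installed setgid to a given group (kmem, as in the thread), labels those that are also setuid root, and checks whether a memory device is group-readable by that group. The function names and output labels are this example's own, and it assumes a find that supports -perm, -group, -user and -xdev.

```shell
#!/bin/sh
# Added example (not from the thread): audit for binaries installed setgid to
# a memory-reading group. "kmem" and /dev/kmem are the names used in the
# thread; function names and output labels are this example's own.

# List regular files under DIR that are setgid GROUP (name or numeric gid).
# Each line: "<label> <path>"; the label also notes setuid-root binaries.
audit_sgid_group() {
    dir=$1
    group=${2:-kmem}
    find "$dir" -xdev -type f -perm -2000 -group "$group" -print 2>/dev/null |
    while IFS= read -r f; do
        # Re-test the single file: setuid bit set and owned by uid 0?
        if [ -n "$(find "$f" -prune -perm -4000 -user 0 -print 2>/dev/null)" ]; then
            printf 'setuid-root+setgid-%s %s\n' "$group" "$f"
        else
            printf 'setgid-%s %s\n' "$group" "$f"
        fi
    done
}

# Succeed if DEV belongs to GROUP and is group-readable, i.e. the setgid bit
# found above really does grant read access to that device.
dev_group_readable() {
    dev=$1
    group=${2:-kmem}
    [ -n "$(find "$dev" -prune -group "$group" -perm -040 -print 2>/dev/null)" ]
}

# Run as: sh audit.sh /usr kmem   (no arguments: only define the functions)
if [ "$#" -gt 0 ]; then
    audit_sgid_group "$@"
    if dev_group_readable /dev/kmem "${2:-kmem}"; then
        echo "/dev/kmem is readable by group ${2:-kmem}"
    fi
fi
```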
