Bugtraq mailing list archives

Mail Infobot Problem


From: jamesg () phiber prysm com (James B. Gulledge)
Date: Mon, 4 Sep 1995 22:26:09 +1030


        I'm new so forgive me if this is old.

Program:

        sendmail, binmail, perhaps others.  I do not think this is a bug,
but poor policy.

Effect:
        Any user with an account on the local system can gain root access.

Method:
        On the machine in question, the infobot aliases pointed to
scripts in a globally writable subdirectory.  For instance:

(In the /etc/aliases file)
info: "|/usr/majordomo/info.sh"

/usr/majordomo has 777 privileges.

Simply replace the "info.sh" file in the subdirectory with whatever you
want to run, send mail to the alias in the aliases file, and you're in.


        This may be known, but I could not find reference to it.  The two
problems are that in many systems sendmail runs as root, and that the
subdirectory where the scripts are kept is globally writable.  The
easiest solution would be to give as little access to that subdirectory as
possible.

James B. Gulledge
Prysm Technologies, Inc.
Shreveport, LA
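An added audit script, not part of the original post, that reads an aliases file, picks out every "|command" alias and reports the command's script or any directory between it and the audit root that is world-writable without the sticky bit, which is exactly the 777 /usr/majordomo case above. The make_demo layout and the help alias are constructed for the demonstration and are not from the post.

```shell
#!/bin/sh
# Audit an /etc/aliases-style file for "|command" aliases whose script, or any
# directory between it and the audit root, is world-writable: exactly the
# setup in the post (a 777 /usr/majordomo holding info.sh).
# Prints "WEAK <alias> <path> world-writable:<component>" per finding.

# World-writable and not sticky: anyone may replace the file, or rename or
# delete entries in the directory. Sticky dirs such as /tmp protect other
# users' entries, so they are not flagged.
is_world_writable() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c9-10)
    case "$bits" in w-|wx) return 0 ;; esac
    return 1
}

# Walk from the script up to (but excluding) $3, reporting every weak component.
audit_path() {
    name=$1 path=$2 stop=$3 p=$2
    while [ "$p" != "$stop" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        is_world_writable "$p" && echo "WEAK $name $path world-writable:$p"
        p=$(dirname "$p")
    done
}

# check_pipe_aliases <aliases-file> [audit-root]  (root defaults to /)
check_pipe_aliases() {
    # Select 'name: "|/path args"' lines (comments skipped), keep name and path.
    grep -E '^[^#:]+:[[:space:]]*"?[|]' "$1" |
    sed -E 's/^([^:]+):[[:space:]]*"?[|][[:space:]]*([^" ]+).*/\1 \2/' |
    while read -r name cmd; do audit_path "$name" "$cmd" "${2:-/}"; done
}

weak_count() { check_pipe_aliases "$1" "$2" | grep -c '^WEAK' || true; }

# Constructed demo layout (not from the original post): a 777 directory holding
# the script behind the "info" alias, next to a correctly locked-down "help".
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/majordomo" "$d/usr/local/lib/bot"
    printf '#!/bin/sh\necho info\n' > "$d/usr/majordomo/info.sh"
    printf '#!/bin/sh\necho help\n' > "$d/usr/local/lib/bot/help.sh"
    chmod 755 "$d/usr" "$d/usr/local" "$d/usr/local/lib" "$d/usr/local/lib/bot" \
              "$d/usr/majordomo/info.sh" "$d/usr/local/lib/bot/help.sh"
    chmod 777 "$d/usr/majordomo"
    printf '%s\n' '# constructed aliases fragment' 'postmaster: root' \
        "info: \"|$d/usr/majordomo/info.sh\"" "help: \"|$d/usr/local/lib/bot/help.sh -v\"" \
        > "$d/aliases"
    echo "$d"
}
```

Run it against the real file with `check_pipe_aliases /etc/aliases`; the second argument is only needed when auditing a staged copy of a filesystem tree.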


