Bugtraq mailing list archives
Re: BoS: Re: Solaris mailx hole
From: travis () EvTech com (Travis Hassloch x231)
Date: Tue, 2 Jul 1996 14:10:28 -0500
In message <Pine.SUN.3.91.960702005934.18788A-100000 () bigdog fred net> you write :
> echo "localhost $USER" | /bin/mail $TARGET

This line should be preceded somewhere in the script by a line which sets $USER:

USER=`whoami`
> 2. We have considered several potential workarounds for this vulnerability. The ideal fix would be to remove global write access to the mail spool directory. However, this is not possible as programs such as /bin/mail, /usr/ucb/Mail and elm require everyone to have write access.

or to be sgid-mail.

> Also it is not possible to, for example, change the group ownership of /var/spool/mail to mail and give /bin/mail and /usr/ucb/Mail setgid mail privilege, as they do not reset their group id before forking a shell.

Unless you have sources and can fix them.
> i. Ensure that every user maintains a mailbox file. The following program will create a mailbox for every user on the system, if one does not currently exist.

Would it also suffice to have an alias for each such user?
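The quoted workaround (i.) refers to a program that creates the missing mailboxes, but that program is not part of this message. The script below is an added POSIX sh example, written for this archive page and not the advisory's or Travis's code; it pre-creates a 0600 mailbox for each account so nobody else can occupy the name first, and flags spool entries that are not plain files. It assumes a passwd-format file and the spool directory are passed as arguments, and only changes ownership when run as root.

```shell
#!/bin/sh
# Added example, not from the advisory or this thread: give every account in
# a passwd-format file a mailbox in the spool directory, so that nobody else
# can plant one before the user has their own. Both paths are parameters
# (assumption: a copy of /etc/passwd and the spool, e.g. /var/mail), so the
# script can be exercised in a scratch directory without root.
ensure_mailboxes() {
    passwd_file=$1 spool=$2 created=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        box="$spool/$user"
        if [ -e "$box" ] || [ -L "$box" ]; then
            # Something already occupies the name. Report anything that is
            # not a plain file; leave real mailboxes alone.
            if [ -L "$box" ] || [ ! -f "$box" ]; then
                echo "WARNING: $box exists but is not a regular file" >&2
            fi
            continue
        fi
        # Create it empty with mode 0600. noclobber (set -C) makes the
        # redirection refuse an existing path instead of following it,
        # which narrows the race in a world-writable spool directory.
        (umask 077; set -C; : > "$box") || { echo "cannot create $box" >&2; continue; }
        # Hand it to the user; only root can change ownership.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$uid:$gid" "$box"
        fi
        created=$((created + 1))
    done < "$passwd_file"
    echo "$created"      # number of mailboxes created
}

# Constructed demonstration data (not a real system): three accounts, one of
# which already has mail; run in a throw-away directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mail"
printf 'root:x:0:0:root:/:/bin/sh\nalice:x:1001:100::/home/alice:/bin/sh\nbob:x:1002:100::/home/bob:/bin/sh\n' > "$demo_dir/passwd"
printf 'From alice\nhello bob\n' > "$demo_dir/mail/bob"
echo "created $(ensure_mailboxes "$demo_dir/passwd" "$demo_dir/mail") mailboxes"
ls -l "$demo_dir/mail"
rm -r "$demo_dir"
```

Run against the real /etc/passwd and /var/mail as root; existing mailboxes are never modified, and any name in the spool that is a symlink or otherwise not a regular file is reported on stderr for inspection.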