Bugtraq mailing list archives

BSD mail.local has race condition

From: travis () EvTech com (Travis Hassloch x231)
Date: Wed, 10 Jul 1996 14:17:16 -0500


Same as the Solaris mailx bug.  As usual, to exploit the bug, you
have to have write perms to the mail spool.  This means a security
conscious admin should turn world-write off, but this may break
mail user agents.  A mail.local fix should be forthcoming, but
is pretty obvious -- same deal as writing to /tmp or other world-write
dirs from an SUID root program.

I had a stupid response to the Solaris mailx bug; I hope it didn't
get propogated here (it went out to Best-Of, oops).  Sorry, I was
going cold-turkey on the caffeine, and was judgement-challenged.
--
Travis Hassloch, Electronic Blacksmith | P=NP if (P=0 or N=1)
There's a fine line between an email message and its signature.

Current thread:

Re: at the risk of another flamefest.., (continued)
- - - Re: at the risk of another flamefest.. David Stagner (Jul 15)
    - Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
    - hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
    - Re: rdist exploit [bsdi] System Manager (Jul 13)
    - Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 12)
    - Re: rdist exploit [bsdi] Cosimo Leipold (Jul 13)
    - Re: rdist exploit [bsdi] Jack Flory (Jul 13)
    - Re: rdist exploit [bsdi] Chris Caputo (Jul 13)
    - Re: rdist exploit [bsdi] Brian Mitchell (Jul 14)
  - BSD mail.local has race condition Travis Hassloch x231 (Jul 10)
- CERT Advisory CA-96.13.dip_vul (dip vulnerability). Jeff Uphoff (Jul 09)