Bugtraq mailing list archives
Re: Sendmail up to 8.9.1 - mail.local instroduces new class of
From: hurtta+zz2 () OZONE FMI FI (Kari E. Hurtta)
Date: Wed, 12 Aug 1998 11:50:22 +0300
Brett Lymn:
> According to Jonathan Stott:
> > A better fix would be to use procmail, or /bin/mail, or some other program for local mail delivery.
>
> A lot of people have been recommending putting procmail in to perform filtering of mail as an adjunct to sendmail. I did a quick grep for the notorious strc{at,py} commands in the procmail source and found quite a few. I have not analysed the code but people putting in filters now to prevent the recent problems with mime et al could be (I said _could_be_) leaving themselves open for a more subtle exploit later on via procmail overflows.
It is also possible to make sure that mail.local (or any other mail delivery program) can be used only by sendmail. Assuming that program was setuid root:

1) Drop the setuid bit:

       chmod u-s /usr/libexec/mail.local

2) Add

       define(`LOCAL_MAILER_FLAGS', LOCAL_MAILER_FLAGS`S')

   to your *.mc file before the MAILER(local) line.

   Alternatively, add just

       FEATURE(local_lmtp)

   before the MAILER(local) line (the 'S' flag is already defined by FEATURE(local_lmtp), so it does not need to be added).

That S flag causes sendmail to call the local mailer as root, so the mailer itself does not need to be setuid root.

Summary: If you use FEATURE(local_lmtp), /usr/libexec/mail.local does not need to be setuid root.

/ Kari Hurtta
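An added example, not part of the original post or of sendmail: a shell check of the two conditions the message describes, namely whether the delivery binary is still setuid and whether the .mc file enables the S flag before MAILER(local). The function names and return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added audit sketch (function names are hypothetical, not part of sendmail).

# Succeeds if the .mc file, before its MAILER(local) line, uses
# FEATURE(local_lmtp) or appends S to LOCAL_MAILER_FLAGS.
mc_sets_S_flag() {
    awk '
        { sub(/dnl.*$/, "") }                     # drop m4 "dnl" comments
        /MAILER\(.?local.?\)/ { exit }            # later lines come too late
        /FEATURE\(.?local_lmtp/ { found = 1 }
        /define\(.?LOCAL_MAILER_FLAGS.?,/ {
            value = substr($0, index($0, ",") + 1)
            gsub(/LOCAL_MAILER_FLAGS/, "", value) # the macro name contains an S
            if (value ~ /S/) found = 1
        }
        END { exit !found }
    ' "$1"
}

# audit_local_mailer MC_FILE MAILER_BINARY
# 0: S flag set and binary not setuid (the state the post recommends)
# 1: S flag set but binary still setuid  -> chmod u-s
# 2: binary setuid and no S flag         -> fix the .mc first
# 3: neither setuid nor S flag
audit_local_mailer() {
    if mc_sets_S_flag "$1"; then
        if [ -u "$2" ]; then
            echo "$2: setuid bit no longer needed, run: chmod u-s $2"; return 1
        fi
        echo "$2: not setuid, sendmail runs it as root via the S flag"; return 0
    fi
    if [ -u "$2" ]; then
        echo "$2: setuid; add FEATURE(local_lmtp) before MAILER(local) first"; return 2
    fi
    echo "$2: not setuid and $1 does not set the S flag"; return 3
}

# Stand-alone use: sh audit.sh sendmail.mc /usr/libexec/mail.local
if [ "$#" -eq 2 ]; then audit_local_mailer "$1" "$2"; fi
```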