Bugtraq mailing list archives

Re: Sendmail up to 8.9.1 - mail.local instroduces new class of

From: jeremiah () GRAVITON RTINET NET (Jeremiah Rothschild)
Date: Mon, 10 Aug 1998 09:30:35 -0500


I run sendmail suid/sgid mail..  Therefore, if hacked, the worst situation
would be losing mail spools.  Doing this has been nicely documented..

Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html

# ip

On Thu, 9 Jul 1998, Michal Zalewski wrote:

It's stupid to make any part of sendmail package setuid. It's really
possible to make sendmail work with no setuid nor setgid, by arranging
proper communication with sendmail daemon, if running. Also, I suggest to
be at least careful with new features of recent Sendmail version :-)

Current thread:

Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- linux kernel patch - suid procs exec'd with bad 0,1,2 fds Zachary Amsden (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Kragen (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Pavel Kankovsky (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 David Damerell (Aug 06)
  - Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
    - Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Jeremiah Rothschild (Aug 10)
    - Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Scott Stone (Aug 10)
    - Network Associates Inc. Advisory (OpenBSD) Security Research Labs (Aug 10)
  - Re: Object tag crashes Internet Explorer 4.0 Alan Cox (Aug 07)
  - Description of the Eudora Security Hole Aleph One (Aug 07)
- resend Steve Bellovin (Aug 06)
  - Re: resend Casper Dik (Aug 07)
- <Possible follow-ups>
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
  - Re: Object tag crashes Internet Explorer 4.0 Joe (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
  - Re: Object tag crashes Internet Explorer 4.0 Roger Espel Llima (Aug 06)

(Thread continues...)