Bugtraq mailing list archives
Re: Security Problem in MH 6.8.4
From: guenther () GAC EDU (Philip Guenther)
Date: Tue, 20 Jan 1998 13:37:14 -0600
In response to the security hole in MH's inc program, mparson () SMARTNAP COM writes:
How about: Remove suid bit from inc.
I'll second this with the note that inc only needs to be setuid for RPOP, a non-standard POP authentication method which uses rlogin/rsh-like authentication via ruserok(). We all know how secure _that_ is, so losing that functionality might be considered a feature. Of course, you should check to make sure your popserver doesn't support RPOP to catch that hole.
Instead, use popclient to retrieve mail and procmail/rcvstore to deliver the messages into the MH mailboxes. This still allows users to use inc to suck in mbox format mailboxes.
You can still do POP with either username/password or APOP authentication with a non-setuid inc -- you just have to type your password each time.
The popclient package is also installed by default with RedHat (at least it was with 4.2, I haven't installed 5.0 yet).MH also installs another suid-program: msgchk. It's also posible to get a Segmentation fault whith the same option, but I haven't been able to exploit it. I have worked on it quite a few. Could someone probe it a little deeper??
Once again, RPOP is reason behind the setuid bit being on. Torch it. Redhat should be compiling MH without RPOP and overriding the installation commands that turn on the setuid bits on inc and msgchk. Philip Guenther ---------------------------------------------------------------- Philip Guenther UNIX Systems and Network Administrator Internet: guenther () gac edu Voicenet: (507) 933-7596 Gustavus Adolphus College St. Peter, MN 56082-1498
Current thread:
- Java reboots win95 Joe Lindstr?m (Jan 17)
- Re: Java reboots win95 David LeBlanc (Jan 17)
- GCC Exploit Phillip R. Jaenke (Jan 17)
- Security Problem in MH 6.8.4 Cesar Tascon Alvarez (Jan 19)
- Re: Security Problem in MH 6.8.4 mparson () SMARTNAP COM (Jan 19)
- Re: Security Problem in MH 6.8.4 Philip Guenther (Jan 20)
- Re: Security Problem in MH 6.8.4 Cy Schubert - ITSD Open Systems Group (Jan 20)
- Re: Security Problem in MH 6.8.4 Alan Cox (Jan 20)
- L0pht Security Advisory mattw (Jan 20)
- Re: Security Problem in MH 6.8.4 mparson () SMARTNAP COM (Jan 19)