Bugtraq mailing list archives
Re: Sendmail 8.x.x - any user may rebuild aliases database
From: sendmail+gshapiro () SENDMAIL ORG (Gregory Neil Shapiro)
Date: Mon, 22 Nov 1999 23:48:17 -0800
lcamtuf> Sendmail up to recent 8.9.x versions - any user may pass -bi
lcamtuf> parameter to /usr/sbin/sendmail. This will result in aliases
lcamtuf> database rebuild. IMHO there's no reason to allow such things, but
lcamtuf> no matter - something rather stupid is done during rebuild:

lcamtuf> 5366 open("/etc/aliases.db", O_RDWR|O_TRUNC) = 6

lcamtuf> What a bad luck! There's approx 0.1 sec delay due to /etc/aliases
lcamtuf> processing (on my system). Meantime, luser might deliver any
lcamtuf> signals to sendmail process... SIGKILL is quite good. After that,
lcamtuf> /etc/aliases.db will be left in unusable state (no EOF marker),
lcamtuf> causing DoS:

Thank you for bringing this to our attention. We have limited the newaliases command to root and trusted users for 8.10.0.Beta7. We have also deprecated the AutoRebuildAliases option since if set, a similar attack may be possible. We intend to remove the AutoRebuildAliases functionality in a future version.

I've included a patch against sendmail 8.9.3 for those who want to protect against this denial of service attack.

As always, we encourage mailing bug reports, including documentation or release notes bugs, to sendmail-bugs () sendmail org. Security issues can be mailed to sendmail-security () sendmail org and encrypted with the sendmail-security () sendmail org PGP key:

Type Bits KeyID      Created    Expires    Algorithm Use
pub  1024 0x16F4CCE9 1999-06-23 ---------- RSA       Sign & Encrypt
uid  Sendmail Security <sendmail-security () sendmail org>

The sendmail 8.9.3 patch:

- --- main.c~orig Sat Jan 9 15:31:13 1999 +++ main.c Wed Nov 17 19:04:44 1999 
@@ -984,6 +984,18 @@ usrerr("Permission denied"); finis(FALSE, EX_USAGE); } + if (OpMode == MD_INITALIAS && + RealUid != 0 && + RealUid != TrustedUid && + !wordinclass(RealUserName, 't')) + { + if (LogLevel > 1) + sm_syslog(LOG_ALERT, NOQID, + "user %d attempted to rebuild the alias map", + RealUid); + usrerr("Permission denied"); + finis(FALSE, EX_USAGE); + } if (MeToo) BlankEnvelope.e_flags |= EF_METOO;

Note that PGP signing this message changes the first line of the patch by adding a "- " before the "---". Remove the added "- " before trying to apply the patch.
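
Review bot: the added condition fires only when OpMode == MD_INITALIAS, so it closes the explicit -bi / newaliases path but does not touch a rebuild triggered through AutoRebuildAliases, which the message says may allow a similar attack when set. Sites applying this patch to 8.9.3 should also turn that option off, and the patch description should say so. Two smaller points on the same block: the sm_syslog call formats RealUid with "%d", which wants an explicit cast if RealUid is a uid_t that is not an int on the target platform, and including RealUserName next to the uid would make the LOG_ALERT entry easier to act on. The denial exits with EX_USAGE, consistent with the existing "Permission denied" branch just above it, although EX_NOPERM would describe the failure more accurately.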
Current thread:
- Sendmail 8.x.x - any user may rebuild aliases database Michal Zalewski (Dec 12)
- Re: Sendmail 8.x.x - any user may rebuild aliases database Gregory Neil Shapiro (Nov 22)