Bugtraq mailing list archives
Re: reporting local security problems (was: for WinNT)
From: Claus Assmann <ca+bugtraq () ZARDOC ENDMAIL ORG>
Date: Fri, 11 Aug 2000 20:23:18 -0700
On Fri, Aug 11, 2000, der Mouse wrote:
Unfortunately it also finds non-problems too. I have a system on which the directories in the path leading to the aliases files are group-writeable, by design. (The system has all of two users, both of whom are trusted.) Sendmail kvetches about this every time I run newaliases - I consider it broken for it to arrogate to itself the right to tell me how my system should be set up, or that something like this is a problem, and if it refused to run, or if it complained more often or more verbosely, I would fix it (or, perhaps, switch).
sendmail allows you to override most of its safety checks. See doc/op/op.{me,ps}, look for

DontBlameSendmail=option,option,...
    DontWarnForwardFileInUnsafeDirPath
    ForwardFileInUnsafeDirPath
    ForwardFileInUnsafeDirPathSafe
    ForwardFileInGroupWritableDirPath
    GroupWritableForwardFileSafe
and many more...

sendmail just has been blamed too often for misconfigured systems ("My /etc is world writable and now someone got root access using sendmail"); that's why all of these checks are in there.
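An added example, not part of the original messages and not sendmail's own code: a small Python audit that reports the condition discussed in this thread, namely group- or world-writable directories on the path leading to a file such as the aliases file. The function name is hypothetical and the logic only approximates this kind of directory-path check.

```python
import os
import stat
import sys


def unsafe_dirs_in_path(target):
    """Walk from the directory holding `target` up to the filesystem root
    and return [(directory, reason)] for each directory that is group- or
    world-writable. Symlinks are resolved first so the real path is audited."""
    findings = []
    path = os.path.dirname(os.path.realpath(target))
    while True:
        mode = os.stat(path).st_mode
        if mode & stat.S_IWOTH:
            reason = "world-writable"
            if mode & stat.S_ISVTX:
                reason += " (sticky bit set)"
            findings.append((path, reason))
        elif mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
        parent = os.path.dirname(path)
        if parent == path:  # reached the root directory
            break
        path = parent
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_path.py <file>; the file to audit is supplied
    # by the operator (for example the system's aliases file).
    if len(sys.argv) != 2:
        sys.exit("usage: audit_path.py <file>")
    results = unsafe_dirs_in_path(sys.argv[1])
    for directory, reason in results:
        print(f"{directory}: {reason}")
    sys.exit(1 if results else 0)
```

Any directory it lists is one that users other than the owner can modify; whether that is acceptable is the site policy decision the two messages above disagree about.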