Bugtraq mailing list archives

Re: Solaris /usr/bin/mailx exploit (SPARC)


From: Andrew Hilborne <andrew.hilborne () uk xo com>
Date: 15 May 2001 14:15:45 +0100

Casper Dik <Casper.Dik () Sun COM> writes:

> I'm not sure why all of the Solaris mail programs are actually set-gid
> mail.
>
> If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx,
> /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
> /usr/openwin/bin/mailtool nothing should break.
>
> (At least not if your /var/mail directory has the standard 1777 permissions)
>
> By forcing a file permission of 600 on mailboxes, group mail should not
> gain you anything.

Just how do you force 0600 on mailboxes which don't exist (many MUAs remove
empty mailboxes?)

Since you cannot easily do this, at the very least a malicious user should be
able to steal other users' mail. I think.

--
Andrew Hilborne
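
An audit of the conditions this thread relies on, as an added example that is not part of the original messages: it lists which of the named binaries still carry the set-gid bit and checks that the spool directory is mode 1777 and that each mailbox is mode 0600. It assumes every entry in the spool is a mailbox named after the login that should own it, so the ownership check and the helper names are this example's own.

```python
import os
import pwd
import stat

# Paths named in the thread as set-gid mail on Solaris.
MAIL_BINARIES = [
    "/usr/bin/mail", "/usr/bin/mailx", "/usr/SUNWale/bin/mailx",
    "/usr/dt/bin/dtmail", "/usr/dt/bin/dtmailpr", "/usr/openwin/bin/mailtool",
]

def owner_name(uid):
    """Login name for uid, or '#<uid>' when there is no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return "#%d" % uid

def setgid_binaries(paths=MAIL_BINARIES):
    """Return the existing paths that still carry the set-gid bit."""
    return [p for p in paths
            if os.path.isfile(p) and os.stat(p).st_mode & stat.S_ISGID]

def audit_spool(spool="/var/mail"):
    """Return (path, problem) findings for the spool directory and mailboxes."""
    findings = []
    mode = stat.S_IMODE(os.stat(spool).st_mode)
    if mode != 0o1777:
        findings.append((spool, "directory mode %04o, expected 1777" % mode))
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        st = os.lstat(path)  # lstat: report a symlink instead of following it
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o600:
            findings.append((path, "mailbox mode %04o, expected 0600" % mode))
        # Assumption of this example: a mailbox is named after its owner.
        if owner_name(st.st_uid) != name:
            findings.append((path, "owned by %s, not %s"
                             % (owner_name(st.st_uid), name)))
    return findings

if __name__ == "__main__":
    for p in setgid_binaries():
        print("set-gid still present:", p)
    for path, problem in audit_spool():
        print(path + ":", problem)
```

Lock files or other non-mailbox entries in the spool will be reported under the naming assumption and need to be reviewed by hand.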

