Bugtraq mailing list archives
Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Andrew Hilborne <andrew.hilborne () uk xo com>
Date: 15 May 2001 14:15:45 +0100
Casper Dik <Casper.Dik () Sun COM> writes:
> I'm not sure why all of the Solaris mail programs are actually set-gid mail.
>
> If you strip set-gid mail from /usr/bin/mail, /usr/bin/mailx, /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr, /usr/openwin/bin/mailtool nothing should break. (At least not if your /var/mail directory has the standard 1777 permissions.)
>
> By forcing a file permission of 600 on mailboxes, group mail should not gain you anything.
Just how do you force 0600 on mailboxes which don't exist (many MUAs remove empty mailboxes)? Since you cannot easily do this, at the very least a malicious user should be able to steal other users' mail. I think.

--
Andrew Hilborne
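An added example, not part of the original posts: a defender's audit of the condition this exchange turns on, checking that the spool directory is mode 1777 and that every mailbox in it is a regular file, mode 0600, owned by the user it is named after. The function name `audit_spool`, its issue labels and the `uid_to_name` hook are assumptions of this example.

```python
import os
import pwd
import stat


def audit_spool(spool="/var/mail", uid_to_name=None):
    """Return (entry, issue) pairs; entry "" means the spool directory itself."""
    if uid_to_name is None:
        uid_to_name = lambda uid: pwd.getpwuid(uid).pw_name
    findings = []
    # The quoted advice only holds for a sticky, world-writable spool (1777).
    if stat.S_IMODE(os.lstat(spool).st_mode) != 0o1777:
        findings.append(("", "spool-mode"))
    for name in sorted(os.listdir(spool)):
        if name.endswith(".lock"):
            continue  # dot-lock files created while a mailbox is in use
        st = os.lstat(os.path.join(spool, name))  # lstat: never follow symlinks
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not-regular-file"))
            continue
        try:
            owner = uid_to_name(st.st_uid)
        except KeyError:
            owner = None  # uid has no passwd entry
        # A mailbox pre-created by someone else is owned by that someone.
        if owner != name:
            findings.append((name, "owner"))
        # Anything other than 0600 lets group or other users at the mail.
        if stat.S_IMODE(st.st_mode) != 0o600:
            findings.append((name, "mode"))
    return findings


if __name__ == "__main__":
    if os.path.isdir("/var/mail"):
        for entry, issue in audit_spool("/var/mail"):
            print("%-20s %s" % (entry or "/var/mail", issue))
```

A mailbox that does not exist yet produces no finding, which is the gap the reply points at: the audit can only catch a wrongly owned file after it has been created.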