Bugtraq mailing list archives

Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)


From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Sat, 19 May 2001 12:03:26 -0700

In message <20010518203508.DCF0EC3 () proven weird com>, Greg A. Woods 
writes:
> [ On Friday, May 18, 2001 at 11:18:51 (-0400), Wietse Venema wrote: ]
> > 3 - User-specified shell commands. Traditionally, a user can specify
> > any shell command in ~user/.forward, and that command will execute
> > with the privileges of that user. This requires SUPER-USER privileges
> > in the mail delivery software itself or in mail helper software.
>
> Oh, OK, you've got me on that one!  ;-)
>
> I was trying very carefully to avoid that particular pit of snakes, but
> I suppose I should have known it was inevitable that someone would find
> me out eventually!

A small helper program to handle shell command .forward files would be 
a lot more secure than an MTA performing the deed.  It's not a perfect 
solution but is a lot better than what we've got now for the simple 
reason that a smaller program is easier to audit and thus generally 
more secure than a larger more complex program.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC
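
A sketch of the kind of small helper discussed in this message, added here as an example; it is not code from the thread or from any MTA. It assumes a hypothetical setuid-root binary called forward-helper that the MTA runs with the recipient's name as its only argument and the message on stdin, and it only handles a pipe command on the first line of ~user/.forward.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example; forward-helper and these function names are hypothetical. */
/* Trust a .forward only if it is a regular file owned by the recipient
 * and not writable by group or others. */
int forward_file_is_safe(const struct stat *st, uid_t owner) {
    return S_ISREG(st->st_mode) && st->st_uid == owner &&
           !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Return the command from a first line like |cmd or "|cmd", else NULL. Edits line. */
char *pipe_command(char *line) {
    line[strcspn(line, "\r\n")] = '\0';
    size_t n = strlen(line);
    if (n >= 2 && line[0] == '"' && line[n - 1] == '"') { line[n - 1] = '\0'; line++; }
    return (line[0] == '|' && line[1] != '\0') ? line + 1 : NULL;
}

/* Become the recipient for good: groups, then gid, then uid, then verify. */
int drop_to_user(const struct passwd *pw) {
    if (pw->pw_uid == 0) return -1;              /* never run commands as root */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;              /* regaining root means failure */
}

/* The command comes only from the recipient's own file, never from the caller. */
int main(int argc, char **argv) {
    char path[4096], line[1024] = {0};
    struct stat st;
    struct passwd *pw = argc == 2 ? getpwnam(argv[1]) : NULL;
    if (!pw) return 67;                          /* EX_NOUSER */
    snprintf(path, sizeof path, "%s/.forward", pw->pw_dir);
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);  /* refuse symlinks */
    /* fstat the descriptor we will read, so the check and the read see one file */
    if (fd < 0 || fstat(fd, &st) != 0 || !forward_file_is_safe(&st, pw->pw_uid)) return 77;
    if (read(fd, line, sizeof line - 1) <= 0) return 65;
    char *cmd = pipe_command(line);
    if (!cmd || drop_to_user(pw) != 0 || chdir(pw->pw_dir) != 0) return 77;
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };   /* fixed, minimal environment */
    execle("/bin/sh", "sh", "-c", cmd, (char *)NULL, envp);
    return 71;                                   /* exec failed */
}
```

The privileged portion is the few dozen lines before `execle`, which is the part an auditor has to read.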


