Bugtraq mailing list archives
Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Casper Dik <Casper.Dik () Sun COM>
Date: Mon, 14 May 2001 10:24:10 +0200
I'm not sure why all of the Solaris mail programs are actually set-gid mail. If you strip set-gid mail from /usr/bin/mail,, /usr/bin/mailx, /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr, /usr/openwin/bin/mailtool nothing should break. (At least not if you /var/mail directory has the standard 1777 permissions) By forcing a file permission of 600 on mailboxes, group mail should not gain you anything. Casper
Current thread:
- Re: Solaris /usr/bin/mailx exploit (SPARC) Casper Dik (May 15)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Johann Klasek (May 15)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 16)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Andrew Hilborne (May 15)
- MUAs that delete spoolfiles (was Solaris /usr/bin/mailx exploit (SPARC)) Rich Lafferty (May 16)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 15)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Dan Astoorian (May 15)
- <Possible follow-ups>
- Re: Solaris /usr/bin/mailx exploit (SPARC) Tobias J. Kreidl (May 16)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 17)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Casper Dik (May 17)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 18)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 17)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Johann Klasek (May 15)