In response to the security hole in MH's inc program, mparsonat_private writes:
>How about:
>
>Remove suid bit from inc.

I'll second this with the note that inc only needs to be setuid for RPOP, a non-standard POP authentication method which uses rlogin/rsh-like authentication via ruserok(). We all know how secure _that_ is, so losing that functionality might be considered a feature. Of course, you should check to make sure your popserver doesn't support RPOP to catch that hole.

>Instead, use popclient to retrieve mail and procmail/rcvstore to deliver
>the messages into the MH mailboxes. This still allows users to use inc
>to suck in mbox format mailboxes.

You can still do POP with either username/password or APOP authentication with a non-setuid inc -- you just have to type your password each time.

>The popclient package is also installed by default with RedHat (at least it
>was with 4.2, I haven't installed 5.0 yet).
>
>> MH also installs another suid-program: msgchk. It's also possible to get a
>> Segmentation fault with the same option, but I haven't been able to exploit
>> it. I have worked on it quite a few. Could someone probe it a little deeper??

Once again, RPOP is the reason behind the setuid bit being on. Torch it.

Redhat should be compiling MH without RPOP and overriding the installation commands that turn on the setuid bits on inc and msgchk.

Philip Guenther

----------------------------------------------------------------
Philip Guenther
UNIX Systems and Network Administrator
Internet: guentherat_private
Voicenet: (507) 933-7596
Gustavus Adolphus College
St. Peter, MN 56082-1498
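
Added example, not part of the original post or of MH itself: a shell sketch of the step discussed above, reporting whether inc and msgchk carry the setuid bit and optionally clearing it. The directory argument is an assumption; pass the directory where your MH binaries are installed.

```shell
#!/bin/sh
# Audit MH's inc and msgchk for the setuid bit; optionally clear it.
# The install directory is an assumption and must be supplied by the caller.

# is_setuid FILE: succeeds if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# audit_mh_setuid DIR [fix]
# Prints one line per program: "<path> setuid", "<path> fixed",
# "<path> ok" or "<path> missing".
# With "fix" as the second argument, clears the bit and re-checks it.
# Returns 0 if neither program is left setuid, 1 otherwise.
audit_mh_setuid() {
    dir=$1
    mode=${2:-report}
    remaining=0
    for prog in inc msgchk; do
        path="$dir/$prog"
        if [ ! -e "$path" ]; then
            echo "$path missing"
            continue
        fi
        if is_setuid "$path"; then
            # Only report "fixed" after confirming the bit is really gone.
            if [ "$mode" = fix ] && chmod u-s "$path" && ! is_setuid "$path"; then
                echo "$path fixed"
            else
                echo "$path setuid"
                remaining=1
            fi
        else
            echo "$path ok"
        fi
    done
    return $remaining
}
```

Run `audit_mh_setuid <dir>` to report only, or `audit_mh_setuid <dir> fix` as a user allowed to chmod the binaries.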