-=desc=- Majordomo allows appending to any file owned by the majordomo user/group. -=x-ploit=- create a symlink in /tmp to any majordomo file ex: ln -s /usr/lib/majordomo/majordomo /tmp/majordomo.debug send a message with any emailer to majordomo with a "/" in the return address. (i tested with Winbloze Internet Mail) ex: blah/1234at_private the owner of majordomo will receive the below message... from then on, majordomo will be inoperable. (if the above symlink is used) Majordomo keeps a debug log and appends to it every time it crashes with out checking ownerships of the symlinks.. or for that matter for symlinks at all. --snip-- Subject: MAJORDOMO ABORT (mj_majordomo) -- MAJORDOMO ABORT (mj_majordomo)!! HOSTILE ADDRESS (no x400 c=) blah/34234at_private --snip-- -=fix=- should the wrapper not check for such things? party on. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Karl Grindley ICQ: 2660211 Network Administrator TQG Internet Network
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:09 PDT