Re: Sendmail up to 8.9.1 - mail.local introduces new class of

From: Scott Stone (sstoneat_private)
Date: Mon Aug 10 1998 - 17:35:12 PDT

    On Mon, 10 Aug 1998, Jeremiah Rothschild wrote:
    
    > I run sendmail suid/sgid mail..  Therefore, if hacked, the worst situation
    > would be losing mail spools.  Doing this has been nicely documented..
    >
    > Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html
    
    On a related note, sendmail 8.9.0 has its mail.local setuid by default as
    well.
    
    >
    > # ip
    >
    > On Thu, 9 Jul 1998, Michal Zalewski wrote:
    >
    > > It's stupid to make any part of sendmail package setuid. It's really
    > > possible to make sendmail work with no setuid nor setgid, by arranging
    > > proper communication with sendmail daemon, if running. Also, I suggest to
    > > be at least careful with new features of recent Sendmail version :-)
    >
    
    --------------------------------------------------
    Scott M. Stone <sstoneat_private, sstoneat_private>
                   <sstoneat_private>
    Head of TurboLinux Development/Systems Administrator
    Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan)
    http://www.pht.com              http://armadillo.pht.co.jp
    http://www.pht.co.jp            http://www.turbolinux.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:58 PDT