John Kennedy wrote:
> On Wed, Sep 01, 1999 at 09:08:55PM +0400, Seva Gluschenko wrote:
> > man sendmail:
> > /-C
> > ...skipping...
> > -Cfile Use alternate configuration file. Sendmail refuses to run
> > as root if an alternate configuration file is specified.
> >
> > and it does, for sure %-).
> >
> > Just tested this on different versions of FreeBSD and had no effects
> > except Mail Delivery message:
> >
> > The following address has permanent fatal errors:
> > -C/tmp/vixie-cf gvs
> >
> > So, sendmail _really_ refuses to accept -C key when run as root
>
> ??? I haven't looked hard at that exploit, but I know sendmail and that
> is untrue.

Yes, and all the ``fixes'' to the problem that I've seen are going in the wrong direction IMHO.

FreeBSD simply does not let the user pass *any* arguments to sendmail. It calls sendmail with '-t' and the problem is solved. Completely. No need to mess around with bizarre command line argument filtering or other fragile solutions because the problem is gone once there are no command line arguments to filter.

We fixed this particular problem in April 1995 along with tightening up a few other things.

Cheers,
-Peter
--
Peter Wemm - peterat_private; peter@yahoo-inc.com; peterat_private
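The design described in the message above, sketched as an added example (this is not FreeBSD's cron source): the mailer's argument vector is a compile-time constant, and the recipient travels only in the `To:` header that `sendmail -t` reads. The mailer path, the function names and the CR/LF check on header values are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Fixed argument vector: nothing user-controlled ever reaches argv.
 * The path is the traditional location and is an assumption here. */
static const char *const MAILER_ARGV[] = { "/usr/sbin/sendmail", "-t", NULL };

/* Count argv entries, to show the vector does not grow with user input. */
int mailer_argc(void) {
    int n = 0;
    while (MAILER_ARGV[n] != NULL) n++;
    return n;
}

/* Reject header values that could start a new header line (assumed check). */
int header_value_ok(const char *v) {
    if (v == NULL || *v == '\0') return 0;
    for (const char *p = v; *p; p++)
        if (*p == '\r' || *p == '\n') return 0;
    return 1;
}

/* Build the headers that sendmail -t will parse for recipients.
 * Returns bytes written, or -1 if a value is rejected or buf is too small. */
int build_headers(char *buf, size_t len, const char *rcpt, const char *subject) {
    if (!header_value_ok(rcpt) || !header_value_ok(subject)) return -1;
    int n = snprintf(buf, len, "To: %s\nSubject: %s\n\n", rcpt, subject);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void) {
    char hdr[256];
    /* Constructed sample: the option-like string quoted in the thread,
     * supplied as a recipient. It ends up as header text, not as argv. */
    const char *rcpt = "-C/tmp/vixie-cf gvs";
    if (build_headers(hdr, sizeof hdr, rcpt, "cron output") > 0)
        printf("argv: %s %s (argc=%d)\n%s",
               MAILER_ARGV[0], MAILER_ARGV[1], mailer_argc(), hdr);
    return 0;
}
```

A real caller would pass `MAILER_ARGV` to `execv()` in a child process and write the headers and body to its standard input.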