Hello Seva Gluschenko! Wed, Sep 01, 1999 at 21:08:55, gvs wrote about "Re: Root shell vixie cron exploit": MZ> flags, this exploit won't bring anything shocking - simply, it's working MZ> example. > > man sendmail: > /-C > ...skipping... > -Cfile Use alternate configuration file. Sendmail refuses to run > as root if an alternate configuration file is specified. > > and it does, for sure %-). > > Just tested this on different versions of FreeBSD and had no effects > except Mail Delivery message: > > The following address has permanent fatal errors: > -C/tmp/vixie-cf gvs > > So, sendmail _really_ refuses to accept -C key when run as root Try to run sendmail with -C option as _root_ and you can really change config file when were root. -C flag only disable suid:root (causing setting effective uid to real uid via drop_privileges()). We really use sendmail with alternative configuration files in technology. Therefore, MZ is right... -- Valentin Nechayev netchat_private II:LDXIII/DCCCLXXIII.CCC
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:05 PDT