Re: Root shell vixie cron exploit

From: Valentin Nechayev (netchat_private)
Date: Sat Sep 04 1999 - 00:51:50 PDT

Next message: David LeBlanc: "Re: IE5 allows executing programs"

Previous message: Crispin Cowan: "Re: Stack Shield: defending from"
Next in thread: John Kennedy: "Re: Root shell vixie cron exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Seva Gluschenko!

 Wed, Sep 01, 1999 at 21:08:55, gvs wrote about "Re: Root shell vixie cron exploit":

 MZ> flags, this exploit won't bring anything shocking - simply, it's working
 MZ> example.
>
> man sendmail:
> /-C
> ...skipping...
> 	-Cfile  Use alternate configuration file.  Sendmail refuses to run
> 		as root if an alternate configuration file is specified.
>
> and it does, for sure %-).
>
> Just tested this on different versions of FreeBSD and had no effects
> except Mail Delivery message:
>
> The following address has permanent fatal errors:
> -C/tmp/vixie-cf gvs
>
> So, sendmail _really_ refuses to accept -C key when run as root

Try to run sendmail with -C option as _root_ and you can really change
config file when were root. -C flag only disable suid:root (causing setting
effective uid to real uid via drop_privileges()). We really use sendmail
with alternative configuration files in technology.

Therefore, MZ is right...

--
Valentin Nechayev
netchat_private
II:LDXIII/DCCCLXXIII.CCC

Next message: David LeBlanc: "Re: IE5 allows executing programs"
Previous message: Crispin Cowan: "Re: Stack Shield: defending from"
Next in thread: John Kennedy: "Re: Root shell vixie cron exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:05 PDT