Hi! > I had assumed that the whole problem with the vixie-cron exploit was > that cron allowed users to invoke sendmail with arbitrary command-line > options *as root*, so dropping SUID status doesn't do any good. > Sendmail doesn't try to protect the root user from themselves. I tried it on several RedHat 4.x 5.x and 6.x boxes and when they ARE running sendmail, a lot alsos did qmail, it worked just fine... Bye, Raymond.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:19 PDT