Re: Solaris /usr/bin/mailx exploit (SPARC)

From: Andrew Hilborne (andrew.hilborneat_private)
Date: Tue May 15 2001 - 06:15:45 PDT

Next message: psheepat_private: "Sendfile daemon bugs"

Previous message: Filip Maertens: "IIS Exploit"
Reply: Rich Lafferty: "MUAs that delete spoolfiles (was Solaris /usr/bin/mailx exploit (SPARC))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Casper Dik <Casper.Dikat_private> writes:

> I'm not sure why all of the Solaris mail programs are actually set-gid 
> mail.
> 
> If you strip set-gid mail from /usr/bin/mail,, /usr/bin/mailx, 
> /usr/SUNWale/bin/mailx, /usr/dt/bin/dtmail, /usr/dt/bin/dtmailpr,
> /usr/openwin/bin/mailtool nothing should break.
> 
> (At least not if you /var/mail directory has the standard 1777 permissions)
> 
> By forcing a file permission of 600 on mailboxes, group mail should not
> gain you anything.

Just how do you force 0600 on mailboxes which don't exist (many MUAs remove
empty mailboxes?)

Since you cannot easily do this, at the very least a malicious user should be
able to steal other users' mail. I think.

--
Andrew Hilborne

Next message: psheepat_private: "Sendfile daemon bugs"
Previous message: Filip Maertens: "IIS Exploit"
Reply: Rich Lafferty: "MUAs that delete spoolfiles (was Solaris /usr/bin/mailx exploit (SPARC))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 13:18:21 PDT