Bugtraq mailing list archives

Re: Solaris problems?


From: ajlill () ajlc waterloo on ca (Anthony J. Lill)
Date: Wed, 03 Aug 1994 14:09:48 -0400


"James" == James W Abendschan <unkadath!shamus () naucse cse nau edu> writes:

    James> Three solaris-related things I'd like to ask the list-- and
    James> if you know, and are willing to share this info (key point
    James> here), please speak up.

    James> 1) /var/mail is world writable, but has a sticky bit to
    James> prevent people from removing other people's mailboxes.
    James> Still, I can create mailboxes for users who don't have them
    James> (like smtp) ..  will this pose a problem in the future?

That is very odd. I'm running real SVR4, and /var/mail is owner root,
group mail, mode 775. The mail programs all run setgid mail so they
can create the mailboxes. This way no-one can create bogus mailboxes
directly. 

    James>    I know that if sendmail had some sort of support for v7
    James> forwarding capabilities (ie; /var/mail/smtp contains Forward
    James> to |/tmp/foosh, then mail to smtp runs /tmp/foosh as uid
    James> smtp, which just happens to be 0 on our systems) this would
    James> be an easy exploit.. but apparently sendmail 8.6.9 doesn't
    James> hold to those kind of conventions (thank gods)

Sendmail doesn't deliver mail, it invokes the program listed on the
Mlocal line in the sendmail.cf file (after setuiding itself to the
receiving user). You'll have to check out the capabilities of that
program to be sure (although sendmail 8 comes with a binmail delivery
program which doesn't do any forwarding). 

Of course, you can put "|/tmp/foosh" into the $HOME/.forward file of
any user, so check the perms on the home directories of all of your
sys userids.

--
Tony Lill,                         Tony.Lill () AJLC Waterloo ON CA
President, A. J. Lill Consultants                 (519) 241 2461
539 Grand Valley Dr., Cambridge, Ont.    fax/data (519) 650 3571

"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"
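
The checks discussed in this thread, as an added example that is not part of the original post: a Python audit that flags a world-writable mail spool, mailboxes not owned by their account, system-account home directories that others can write to, and .forward entries that pipe mail to a program. The function name audit_mail_paths and the max_uid cut-off of 99 for "sys userids" are assumptions.

```python
import os
import stat

def audit_mail_paths(passwd_text, spool="/var/mail", max_uid=99):
    """Return (path, problem) findings for the spool and system accounts."""
    findings = []
    st = os.stat(spool)
    if st.st_mode & stat.S_IWOTH:
        sticky = "with" if st.st_mode & stat.S_ISVTX else "without"
        findings.append((spool, f"world-writable ({sticky} sticky bit): "
                                "any user can create mailboxes"))
    for line in passwd_text.splitlines():
        fields = line.split(":")
        # Skip malformed lines and NIS-style entries with no numeric uid.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        name, uid, home = fields[0], int(fields[2]), fields[5]
        if uid > max_uid:  # assumption: system accounts have low uids
            continue
        # A mailbox owned by a different uid was created by someone else.
        mbox = os.path.join(spool, name)
        if os.path.exists(mbox) and os.stat(mbox).st_uid != uid:
            findings.append((mbox, f"mailbox for {name} not owned by uid {uid}"))
        if not os.path.isdir(home):
            continue
        hst = os.stat(home)
        # Whoever can write to the home directory can plant a .forward there.
        if hst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((home, f"home of {name} writable by group or other"))
        if hst.st_uid not in (uid, 0):
            findings.append((home, f"home of {name} owned by uid {hst.st_uid}"))
        fwd = os.path.join(home, ".forward")
        if os.path.isfile(fwd):
            with open(fwd, errors="replace") as fh:
                for entry in fh:
                    if entry.strip().lstrip('"').startswith("|"):
                        findings.append((fwd, f"pipes mail for {name} to a "
                                              f"program: {entry.strip()}"))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for path, problem in audit_mail_paths(fh.read()):
            print(f"{path}: {problem}")
```
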


