Bugtraq mailing list archives
Re: From the moderator: READ Please
From: smb () research att com (smb () research att com)
Date: Mon, 22 May 95 14:13:02 EDT
1) Some new releases of sendmail install the program as group kmem. I can't see any good reason for this, if I'm wrong please correct me. This group is dangerous, because it is able to read the kernel and physical memory. I was able to get a shell as group kmem via the old ident bug, and to find some fragments of the shadow passwords file in the kernel memory. Newer bug s may give the same opportunity. Sendmail tries to determine the load average of the machine; on some platforms, the only way to do that is by reading /dev/kmem. That doesn't change the fact that it's stupid to give sendmail that much power. (On the other hand, it's already setuid root; what does yet one more privilege matter....?)
Current thread:
- Re: From the moderator: READ Please smb () research att com (May 22)