Bugtraq mailing list archives
Re: Root shell vixie cron exploit
From: peter () NETPLEX COM AU (Peter Wemm)
Date: Tue, 7 Sep 1999 17:56:06 +0800
John Kennedy wrote:
> On Wed, Sep 01, 1999 at 09:08:55PM +0400, Seva Gluschenko wrote:
> > man sendmail:
> >
> >     /-C ...skipping...
> >     -Cfile  Use alternate configuration file. Sendmail refuses to run
> >             as root if an alternate configuration file is specified.
> >
> > and it does, for sure %-). Just tested this on different versions of
> > FreeBSD and had no effects except Mail Delivery message:
> >
> >     The following address has permanent fatal errors:
> >     -C/tmp/vixie-cf
> >
> > gvs
>
> So, sendmail _really_ refuses to accept -C key when run as root???
> I haven't looked hard at that exploit, but I know sendmail and that is untrue.
Yes, and all the ``fixes'' to the problem that I've seen are going in the wrong direction IMHO. FreeBSD simply does not let the user pass *any* arguments to sendmail. It calls sendmail with '-t' and the problem is solved. Completely. No need to mess around with bizarre command line argument filtering or other fragile solutions because the problem is gone once there are no command line arguments to filter.

We fixed this particular problem in April 1995 along with tightening up a few other things.

Cheers,
-Peter
--
Peter Wemm - peter () FreeBSD org; peter () yahoo-inc com; peter () netplex com au
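The design Peter describes, as an added illustration that is not cron's, FreeBSD's or sendmail's own source: the mailer is always invoked with the fixed argument vector `sendmail -t`, the MAILTO value travels only as a `To:` header on stdin, and the one check that remains is on the header value itself. The mailer path and the helper names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAILER_PATH "/usr/sbin/sendmail"  /* assumed path */

/* Fixed argument vector: MAILTO never reaches argv, so a value such as
 * "-C/tmp/somefile" cannot be parsed as a sendmail option at all. */
const char *const mailer_argv[] = { MAILER_PATH, "-t", NULL };

/* MAILTO is now only a header value, so the remaining check is on the header:
 * a plain address alphabet, no CR/LF that could append headers of its own. */
int mailto_is_safe(const char *mailto)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._+-";
    size_t n = strlen(mailto);
    return n > 0 && n <= 254 && strspn(mailto, ok) == n;
}

/* Header block that sendmail -t reads its recipients from. Returns its length,
 * or -1 if the recipient fails validation or the buffer is too small. */
int format_headers(char *buf, size_t len, const char *mailto, const char *subject)
{
    if (!mailto_is_safe(mailto)) return -1;
    int n = snprintf(buf, len, "From: root (Cron Daemon)\nTo: %s\nSubject: %s\n\n", mailto, subject);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Exec the mailer with the fixed argv and feed headers + body on its stdin.
 * Returns the mailer's exit status, or -1 on a local failure. */
int send_via_mailer(const char *mailto, const char *subject, const char *body)
{
    char hdr[512]; int fd[2], status, failed = 0; pid_t pid;
    if (format_headers(hdr, sizeof hdr, mailto, subject) < 0 || pipe(fd) < 0) return -1;
    if ((pid = fork()) < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                       /* child: stdin <- pipe, then exec */
        dup2(fd[0], STDIN_FILENO);
        close(fd[0]); close(fd[1]);
        execv(MAILER_PATH, (char *const *)mailer_argv);
        _exit(127);                       /* exec failed */
    }
    close(fd[0]);
    if (write(fd[1], hdr, strlen(hdr)) < 0 || write(fd[1], body, strlen(body)) < 0) failed = 1;
    close(fd[1]);
    if (waitpid(pid, &status, 0) != pid || failed || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Note that rejecting an address is the fallback, not the fix: even a value that slips past `mailto_is_safe` can only ever be a header line, never an option.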