Bugtraq mailing list archives
Re: vulnerability in mail.local
From: Rogier Wolff <R.E.Wolff () BITWIZARD NL>
Date: Mon, 6 Nov 2000 08:40:04 +0100
Neil W Rickert wrote:
(4) On a well managed system, there should be an alias for 'root', so that mail to root is read by a non-root user. Triggering this "bug" assumes that root will blindly reply to a message without examining the address to which the reply is being sent.
Huh? What's that going to make as a difference?

"the account of the guy who reads root mail" is going to be an administrator. He'll be su-ing to root on occasion. If you own his account, you also own root.

    alias su '/tmp/.../su'

read the password, and bingo...

Some people think they can circumvent this by typing /bin/su instead of su. Right. For all I care you put him in a "fake-shell" and pretend to be his real shell. Until he executes whatever he normally does to become root.

Once you own the user-account of the administrator, you can work yourself up to "root".

Roger.

--
** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* Common sense is the collection of *
****** prejudices acquired by age eighteen. -- Albert Einstein ********
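A defender's check for the `su` shadowing described in the message above, as an added example that is not part of the original post: it scans the text of an administrator's shell startup file for aliases or functions that redefine privilege-changing commands and for PATH entries in world-writable directories. The command list, directory list, finding names and sample file are assumptions made for this example.

```python
import re

# Commands an administrator uses to become root (assumed list for this example).
PRIVILEGED = {"su", "sudo", "doas"}
# Directories any local user can write to (assumed list).
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")

# csh-style `alias su '/x'` and sh-style `alias su='/x'`
ALIAS_RE = re.compile(r"^alias\s+([\w.-]+)(?:\s+|=)(.+)$")
# sh function definitions: `su() {` or `function su {`
FUNC_RE = re.compile(r"^(?:function\s+([\w.-]+)|([\w.-]+)\s*\(\s*\))")
# `PATH=...`, `export PATH=...` or csh `setenv PATH ...`
PATH_RE = re.compile(r"^(?:(?:export\s+)?PATH=|setenv\s+PATH\s+)(.+)$")


def audit_rc(text):
    """Return (line_no, kind, detail) findings for one startup file's text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive comment strip
        m = ALIAS_RE.match(line)
        if m and m.group(1) in PRIVILEGED:
            target = m.group(2).strip().strip("'\"")
            risky = target.startswith(WORLD_WRITABLE)
            kind = "alias-world-writable" if risky else "alias-shadow"
            findings.append((no, kind, f"{m.group(1)} -> {target}"))
            continue
        m = FUNC_RE.match(line)
        if m and (m.group(1) or m.group(2)) in PRIVILEGED:
            findings.append((no, "function-shadow", m.group(1) or m.group(2)))
            continue
        m = PATH_RE.match(line)
        if m:
            # An empty or "." entry means "current directory" to the shell.
            for entry in m.group(1).strip("\"'").split(":"):
                if entry in ("", ".") or entry.startswith(WORLD_WRITABLE):
                    findings.append((no, "path-unsafe", entry or "(empty)"))
    return findings


# Constructed sample of an administrator's startup file (not from a real system).
SAMPLE_RC = """\
alias ls='ls --color=auto'
alias su '/tmp/.../su'
export PATH=/var/tmp/bin:$PATH
sudo() { /home/admin/.cache/helper "$@"; }
"""

if __name__ == "__main__":
    for finding in audit_rc(SAMPLE_RC):
        print(finding)
```

A clean result from this scan covers only the startup-file vector; it says nothing about the replaced-shell case the message also raises.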