Bugtraq mailing list archives
Re: Solaris /usr/bin/mailx exploit (SPARC)
From: Casper Dik <Casper.Dik () Sun COM>
Date: Thu, 17 May 2001 12:24:41 +0200
Indeed if you're going to go to all the trouble of pre-creating mailboxes and ensuring that empty ones are left behind by all mail reading agents then it's trivial to implement setgid-mail delivery on even systems which don't allow ordinary users to use chown(2). I.e. it's trivial, even on such systems, to avoid having to use root privileges in any part of the local mail system!
Depending on which loss of features you're willing to accept, it's usually not practical to run mail delivery as a non-privileged user; currently, we need to deliver as superuser because the actual delivery runs as the destination user. If you don't run delivery as the targeted user, you can have unrestricted .forward files (those are a risk in themselves, but tools like procmail cannot easily be run under an unprivileged account on behalf of a user).

As things stand today, there doesn't seem to be any reason to continue the use of set-gid mail in Solaris, except that some code changes will be necessary (or mailboxes will be created mode 660, group pwd->pw_gid

Casper
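The thread turns on who owns and may write a user's spool mailbox under the two delivery models discussed: delivery running as the destination user (mailbox mode 0600, owned by the user) versus setgid-mail delivery (mailbox mode 0660 with the spool group). The following Python audit helper is an added example, not code from this thread, from Solaris or from any MTA; it walks a spool directory and reports mailboxes that are symlinks, not owned by the user they are named after, or carry a mode other than 0600 or 0660 (and, for 0660, a group other than the spool group). The function names `mailbox_issues`, `audit_spool` and `demo`, and the policy they encode, are this example's own assumptions; the spool it audits is constructed in a temporary directory.

```python
import os
import pwd
import stat
import tempfile

# Policy assumed by this example (not taken from any vendor documentation):
#   - a mailbox must be a regular file, never a symlink
#   - it must be owned by the user whose name it carries
#   - mode 0600 (delivery runs as the user) or 0660 with the spool group
#     (setgid-mail delivery); no bits for "other" and no setuid/setgid/sticky


def mailbox_issues(path, username, spool_gid=None):
    """Return a list of problems found with one mailbox; [] means clean."""
    problems = []
    try:
        st = os.lstat(path)  # lstat: do not follow a link planted in the spool
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    try:
        expected_uid = pwd.getpwnam(username).pw_uid
    except KeyError:
        problems.append("no such user")
    else:
        if st.st_uid != expected_uid:
            problems.append("owner is uid %d, expected uid %d"
                            % (st.st_uid, expected_uid))
    perm = stat.S_IMODE(st.st_mode)
    if perm not in (0o600, 0o660):
        problems.append("mode 0%o is neither 0600 nor 0660" % perm)
    elif perm == 0o660 and spool_gid is not None and st.st_gid != spool_gid:
        problems.append("group-writable but group is gid %d, not the spool gid %d"
                        % (st.st_gid, spool_gid))
    return problems


def audit_spool(spool_dir, spool_gid=None):
    """Map each mailbox name in spool_dir to its list of problems."""
    report = {}
    for name in sorted(os.listdir(spool_dir)):
        report[name] = mailbox_issues(os.path.join(spool_dir, name), name, spool_gid)
    return report


def demo():
    """Build a constructed spool in a temp dir and audit several cases."""
    me = pwd.getpwuid(os.getuid())
    results = {}
    with tempfile.TemporaryDirectory() as spool:
        # constructed mailbox named after the running user, mode 0600: clean
        box = os.path.join(spool, me.pw_name)
        open(box, "w").close()
        os.chmod(box, 0o600)
        results["clean"] = audit_spool(spool)[me.pw_name]
        # 0660 with the spool group is fine; with a different group it is not
        os.chmod(box, 0o660)
        gid = os.stat(box).st_gid
        results["group_ok"] = mailbox_issues(box, me.pw_name, gid)
        results["group_wrong"] = mailbox_issues(box, me.pw_name, gid + 1)
        # world-readable mailbox
        os.chmod(box, 0o644)
        results["world_readable"] = mailbox_issues(box, me.pw_name)
        # a symlink where a mailbox should be is rejected without being followed
        link = os.path.join(spool, "link")
        os.symlink(box, link)
        results["symlink"] = mailbox_issues(link, me.pw_name)
        results["missing"] = mailbox_issues(os.path.join(spool, "absent"), me.pw_name)
    return results


if __name__ == "__main__":
    for case, issues in demo().items():
        print("%-15s %s" % (case, issues or "ok"))
```

Run against a real spool, `audit_spool("/var/mail", spool_gid)` with the numeric gid of the mail group gives one line per mailbox; anything other than an empty list is worth a look before trusting that spool with either delivery model.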