Vulnerability Development mailing list archives
Re: bug in procmail (ver 3.14 maybe others?)
From: Philip Guenther <guenther () sendmail com>
Date: Sat, 23 Feb 2002 23:03:56 -0800
Ehud Tenenbaum <analyzer () 2xss com> writes:
We know its just a NULL pointer but since sendmail uses procmail to alert, and of course snedmail is suid as well it might be a problem to make the procmail segfault when sendmail calls it (its a pure idea I didnt take a look on sendmail handling childs functions yet). could be a dengerous ?
I doubt it's a problem: sendmail checks the exit status of its children process and understands failures caused by signals, etc. If it _is_ a problem, then procmail is wholly out of the picture, as this exact problem will occur with many signals besides SIGALRM. (As a (long) side note: the only way I know to send a SIGALRM to a setuid process is to exec it directly, leaving an alarm pending past the exec, and even then new enough OSes don't even allow that. It worked under gdb because tracing disables setuid execution, but otherwise I don't know how you would do it. You can send 'tty signals' (INT, QUIT, TSTP, HUP, WINCH, INFO) to setuid processes if it's in one of your sessions. That extends to some other signals (KILL and STOP), at least some of the time, but I don't see how to arbitrarly send other signals to setuid processes.) Philip Guenther guenther () sendmail com Procmail Maintainer -------- Information and opinions expressed above are not those of Sendmail, Inc.
Current thread:
- bug in procmail (ver 3.14 maybe others?) Ehud Tenenbaum (Feb 23)
- <Possible follow-ups>
- re: bug in procmail (ver 3.14 maybe others?) Philip Guenther (Feb 24)
- Message not available
- Re: bug in procmail (ver 3.14 maybe others?) Philip Guenther (Feb 24)
- Message not available
- Re: bug in procmail (ver 3.14 maybe others?) Philip Guenther (Feb 25)
- Message not available
- Re: bug in procmail (ver 3.14 maybe others?) Valdis . Kletnieks (Feb 25)