Bugtraq mailing list archives

Mail flags for using procmail instead of /bin/mail?

From: ault () cs albany edu (James R. Ault)
Date: Fri, 30 Sep 1994 16:42:09 EDT


not sure who wrote:

 yes there is a bug in /bin/mail - if it is setuid root (ie: used as a 
 delivery agent) it can be exploited to gain root access. there was an

...

 u-s /bin/mail, install either procmail or the mail.local (which i have 
 yet to find anywhere, procmail is easy to find... (i forget where.. 
 archie is your friend), and then edit your Mlocal line in 
 /etc/sendmail.cf to be procmail instead of /bin/mail


Could someone post some suitable lines with proper flags to give
procmail that I could include in sendmail.cf ? We run sendmail 8.6.9
on sunos 4.1.3, and we have procmail already installed.

Jim Ault, CS Sysadmin, SUNY Albany, NY 12222 USA  ault () cs albany edu   <><

Current thread:

Various resources Christopher Klaus (Sep 29)
- Re: Various resources Craig Metz (Sep 29)
  - Re: Various resources Karl Strickland (Sep 29)
- kern_exec.c an134699 () anon penet fi (Sep 29)
  - Re: kern_exec.c Karl Strickland (Sep 29)
  - Re: kern_exec.c Len Rose (Sep 29)
  - A request Mark Graff (Sep 29)
    - A request Scott D. Yelich (Sep 30)
    - Mail flags for using procmail instead of /bin/mail? James R. Ault (Sep 30)
    - Re: Mail flags for using procmail instead of /bin/mail? Adam Shostack (Sep 30)
  - Re: kern_exec.c John Hawkinson (Sep 29)
- <Possible follow-ups>
- Re: Various resources tws () mrc com (Sep 30)
- Re: Various resources H Morrow Long (Sep 30)
  - Re: Various resources Pat Myrto (Sep 30)
- Re: Various resources H Morrow Long (Sep 30)