Bugtraq mailing list archives
Re: Sendmail up to 8.9.1 - mail.local instroduces new class of
From: sstone () UME PHT CO JP (Scott Stone)
Date: Tue, 11 Aug 1998 09:35:12 +0900
On Mon, 10 Aug 1998, Jeremiah Rothschild wrote:
I run sendmail suid/sgid mail.. Therefore, if hacked, the worst situation would be losing mail spools. Doing this has been nicely documented.. Anyone interested should check out www.virtual.net.au/~rjc/sendmail.html
On a related note, sendmail 8.9.0 has its mail.local setuid by default as well.
# ip On Thu, 9 Jul 1998, Michal Zalewski wrote:It's stupid to make any part of sendmail package setuid. It's really possible to make sendmail work with no setuid nor setgid, by arranging proper communication with sendmail daemon, if running. Also, I suggest to be at least careful with new features of recent Sendmail version :-)
-------------------------------------------------- Scott M. Stone <sstone () pht com, sstone () turbolinux com> <sstone () pht co jp> Head of TurboLinux Development/Systems Administrator Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan) http://www.pht.com http://armadillo.pht.co.jp http://www.pht.co.jp http://www.turbolinux.com
Current thread:
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- linux kernel patch - suid procs exec'd with bad 0,1,2 fds Zachary Amsden (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Kragen (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Pavel Kankovsky (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 David Damerell (Aug 06)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Jeremiah Rothschild (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Scott Stone (Aug 10)
- Network Associates Inc. Advisory (OpenBSD) Security Research Labs (Aug 10)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Object tag crashes Internet Explorer 4.0 Alan Cox (Aug 07)
- Description of the Eudora Security Hole Aleph One (Aug 07)
- resend Steve Bellovin (Aug 06)
- Re: resend Casper Dik (Aug 07)
- <Possible follow-ups>
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Joe (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Roger Espel Llima (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)