Bugtraq mailing list archives
Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)
From: wietse () porcupine org (Wietse Venema)
Date: Fri, 18 May 2001 20:10:48 -0400 (EDT)
I wrote:
Local mail delivery crosses the mail-to-user boundary in several places. Assuming traditional UNIX user/group/other permissions and uid/gid-based privileges, and the traditional /var/mail, aliases and .forward interface with user-specified shell commands: 1 - Appending mail to mailbox. This can be done securely by nobody:mail provided that the mailbox has group write permission. But that is only the easy part. 2 - Lock file management. If mail is delivered as nobody:mail, then /var/mail/username.lock files are owned by user nobody. This means you can't use mode 1777 /var/mail permissions [...]
Several people pointed out that username.lock files can be eliminated from the equation. That may be the case on their specific systems. However, many systems in the real world do require username.lock files as part of their local mail delivery interface. Simply calling those systems "obsolete" does not make them go away. Some suggested changes to the the mail-to-user interface. That interface can certainly stand improvement. However, such comments are outside the scope of the argument: whether or not unprivileged local delivery as nobody:mail provides security without loss of features. In a world that requires username.lock files, one would have to cheat and use privileged mail user agents. In a world that expects that people can specify arbitrary shell commands in ~user/.forward files, one would have to cheat and use privileged helper programs. Wietse
Current thread:
- Re: Solaris /usr/bin/mailx exploit (SPARC), (continued)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Casper Dik (May 17)
- Re: Solaris /usr/bin/mailx exploit (SPARC) Greg A. Woods (May 18)
- Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Wietse Venema (May 18)
- Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Greg A. Woods (May 18)
- Re: Mail delivery privileges Peter W (May 19)
- Re: Mail delivery privileges Henrik Nordstrom (May 19)
- Re: Mail delivery privileges David Wagner (May 21)
- Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Cy Schubert - ITSD Open Systems Group (May 19)
- Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Olaf Kirch (May 18)
- Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Dan Stromberg (May 19)
- Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit) Wietse Venema (May 19)