fingerhu@ircam.fr (Michel Fingerhut) (06/30/91)
1. NIS (YP) databases do not work correctly under Ultrix 4.1 (DEC/MIPS).
Reason: last character of matched value as returned from yp_match is
chopped off in daemon.c. Suggested fix:
------- daemon.c -------
*** /tmp/da6850 Sun Jun 30 10:28:32 1991
--- daemon.c Sun Jun 30 10:27:20 1991
***************
*** 921,929 ****
--- 921,931 ----
yp_match(yp_domain, &db->db_name[1], lowkey,
strlen(key), &result.dptr, &result.dsize) != 0)
result.dptr = NULL;
+ #ifdef sun
else
/* smash newline */
result.dptr[result.dsize--] = '\0';
+ #endif
}
else
{
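Review bot: the "#ifdef sun" guard around the "smash newline" branch tests for a vendor rather than for the behaviour being worked around. Any other platform whose yp_match returns a trailing newline loses the fix, and nothing in the code says why Sun differs. Consider truncating only when the last byte of the returned value is actually '\n'. A comment on "result.dptr[result.dsize--] = '\0';" would also help, stating which index is overwritten and why dsize is decremented, since that post-decrement is the line the report blames for the chopped character.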
2. When a .forward file exists in the addressee's home dir, mail is sent both
to the forwarding address(es) and to the addressee (which is incorrect, the
addressee should not receive a copy unless specifically mentioned). This
has something to do with the newly introduced QSELFREF bit, but I have not
figured a fix yet.
3. newaliases is executable by *any* user, no matter what the permissions on
the aliases and aliases.{dir,pag} files are.
Michael
wisner@mica.Berkeley.EDU (Bill Wisner) (07/01/91)
>3. newaliases is executable by *any* user, no matter what the permissions on
> the aliases and aliases.{dir,pag} files are.
Why is this a problem? If users can't edit the aliases file, they
can't do any damage with newaliases -- just make sure the database
is up-to-date.
Bill Wisner <wisner@mica.Berkeley.EDU> Gryphon Gang Saratoga CA 95070
brian@ucsd.Edu (Brian Kantor) (07/01/91)
wisner@mica.Berkeley.EDU (Bill Wisner) writes:
>>3. newaliases is executable by *any* user, no matter what the permissions on
>> the aliases and aliases.{dir,pag} files are.
>Why is this a problem? If users can't edit the aliases file, they
>can't do any damage with newaliases -- just make sure the database
>is up-to-date.
Actually, it allows a denial-of-service attack by a user on your
machine, during which mail will not flow, and after which, your load
average will skyrocket. Not too serious as such things go, but it can
be REAL annoying.
- Brian
rickert@mp.cs.niu.edu (Neil Rickert) (07/01/91)
In article <36658@ucsd.Edu> brian@ucsd.Edu (Brian Kantor) writes:
>wisner@mica.Berkeley.EDU (Bill Wisner) writes:
>>>3. newaliases is executable by *any* user, no matter what the permissions on
>>> the aliases and aliases.{dir,pag} files are.
>>Why is this a problem? If users can't edit the aliases file, they
>Actually, it allows a denial-of-service attack by a user on your
>machine, during which mail will not flow, and after which, your load
>average will skyrocket. Not too serious as such things go, but it can
>be REAL annoying.
You can remove the 'newaliases' command, or make it a shell script that
prints a message if invoked by anyone other than root. This stops the
casual user who is thinking "I wonder what that command will do?" Of course
it doesn't stop the determined person who really wants to do so from
slowing down your mail processing - but only once :-).
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert@cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
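The wrapper suggested in the last post, written out as an added example (not code from the thread or from any poster). It refuses non-root callers and logs the attempt; as the post says, this deters only casual use. The sendmail path, the function names and the syslog tag are assumptions.

```sh
#!/bin/sh
# Root-only replacement for the newaliases command (constructed example).
# Assumption: sendmail lives at /usr/lib/sendmail; adjust for the local system.
SENDMAIL=/usr/lib/sendmail

# Succeeds only for uid 0.
may_rebuild() {
    [ "$1" = "0" ]
}

# run_newaliases UID [ARGS...]
# Refuses non-root callers (message on stderr, syslog entry, status 1);
# for root, rebuilds the alias database with "sendmail -bi".
run_newaliases() {
    uid=$1
    shift
    if ! may_rebuild "$uid"; then
        echo "newaliases: only root may rebuild the alias database" >&2
        # Record the attempt so repeated tries are visible in the logs.
        if command -v logger >/dev/null 2>&1; then
            logger -p auth.notice -t newaliases \
                "rebuild refused for uid $uid" 2>/dev/null || true
        fi
        return 1
    fi
    "$SENDMAIL" -bi "$@"
}

# Act only when installed under the name "newaliases".
case "${0##*/}" in
    newaliases)
        run_newaliases "$(id -u)" "$@"
        exit $?
        ;;
esac
```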