[comp.mail.sendmail] DON'T USE 'FU/usr/lib/uucp/L.sys' in sendmail.cf

rickert@mp.cs.niu.edu (Neil Rickert) (03/28/91)

I won't quote.  Read the References if you want to see related comments.

As stated earlier, it is potentially dangerous to use 'F' lines in sendmail.cf
to read sensitive files, such as /usr/lib/uucp/L.sys (or whatever your UUCP
systems file is called).

Some vendors unwisely distribute configurations with such an entry, as it
provides a simple way of ensuring that all UUCP neighbors are known to
sendmail.  However, potentially sensitive information such as passwords will
leak into publicly accessible information such as the configuration
freeze file (sendmail.fc), and any core dumps taken by sendmail.

Since I originally mentioned this, some postings have questioned the severity
of the problem, claiming that mode 0600 on sendmail.fc is an adequate
protection.  (The 'References:' line will direct you to some of the
arguments made.)

Given the importance of the issue, it is my tentative plan to post, in about
one week's time, details of how to coerce sendmail into providing a core dump
containing the sensitive information.

HOW TO PROTECT YOURSELF.

Examine 'sendmail.cf' for lines beginning with 'F' in column 1.  The general
format is
Fx/full/path/to/file
where the 'x' could be any letter, usually upper case.  Unless there is a
sensitive file (such as your UUCP systems file), you have no concern.  If
there is a sensitive file, extract the mail related non-sensitive information
from that file and place it in another file.  For example, you could redirect
the output of 'uuname' to the file /usr/lib/uucp/uunodes, and use the latter
file in place of the L.sys file in your configuration setup.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940
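
The audit and the workaround described in the post above, as an added example that is not part of the original thread or of any sendmail distribution.  It scans a sendmail.cf for 'F' lines in column 1, flags those whose path names a UUCP systems file (the file names checked, L.sys and Systems, are an assumption; the '%s' scanf pattern on an F line is the optional form Piet refers to below), and builds a node list containing only system names.  Because uuname may not be installed where this runs, the node list is derived from the first field of a constructed L.sys rather than from 'uuname' itself; on a live system 'uuname > /usr/lib/uucp/uunodes' is the simpler route.  Host names and the password in the sample file are made up.

```shell
#!/bin/sh
# Added example, not from the original posts.  Audits a sendmail.cf for
# 'F' lines (column 1) that read a UUCP systems file, and builds a
# password-free node list to use in its place.

# Print the path read by each 'F' line.  Assumed format, as in the post:
#   Fx/full/path/to/file [optional scanf pattern such as %s]
# Only the path (first field after the class letter) is printed.
f_line_files() {
    awk '/^F[A-Za-z]\// { sub(/^F[A-Za-z]/, ""); print $1 }' "$1"
}

# Print the 'F'-line paths that name a UUCP systems file.  The file names
# checked (L.sys, Systems) are an assumption; add yours if it differs.
# Exit status 0 if at least one was found, 1 otherwise (grep's convention).
sensitive_f_lines() {
    f_line_files "$1" | grep -E '(^|/)(L\.sys|Systems)$'
}

# Derive the list of UUCP neighbours from a systems file: first field of
# every non-blank, non-comment line, sorted and de-duplicated.  The chat
# script (and any password in it) is never copied.  On a live system
# 'uuname' produces the same list; this exists so the example runs offline.
uunodes_from_systems_file() {
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1" | sort -u
}

# Demonstration on constructed files (host names and the password
# "s3cret" are made up for this example).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/L.sys" <<'EOF'
# constructed UUCP systems file
uunet  Any ACU 1200 5551212 ogin:--ogin: nuucp ssword: s3cret
niuhub Any ACU 2400 5550100 ogin:--ogin: uniu  ssword: s3cret
uunet  Any TCP uucp  uunet.uu.net ogin: nuucp
EOF
    printf 'Fw/etc/sendmail.cw\nFU/usr/lib/uucp/L.sys %%s\n' > "$dir/sendmail.cf"

    if sensitive_f_lines "$dir/sendmail.cf" >/dev/null; then
        echo "WARNING: sendmail.cf reads a UUCP systems file:"
        sensitive_f_lines "$dir/sendmail.cf"
        # Build the replacement node list without the chat scripts,
        # then point the FU line at it instead of at L.sys.
        uunodes_from_systems_file "$dir/L.sys" > "$dir/uunodes"
        echo "node list for an FU line in place of L.sys:"
        cat "$dir/uunodes"
    fi
    rm -rf "$dir"
}

demo
```

After the node list is generated, replace 'FU/usr/lib/uucp/L.sys' in sendmail.cf with 'FU/usr/lib/uucp/uunodes' and regenerate the freeze file so the old copy containing the chat scripts is overwritten.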

piet@cwi.nl (Piet Beertema) (04/03/91)

	As stated earlier, it is potentially dangerous to use 'F' lines in
	sendmail.cf to read sensitive files, such as /usr/lib/uucp/L.sys
	(or whatever your UUCP systems file is called).
Depends. If you're running 5.64 or older *and* if
you do *not* have
#define SCANF 	1
in your conf.h, then indeed sensitive information
can end up in your frozen config file.
This is no longer the case in 5.65/IDA-1.4.2 and
later, since SCANF is effectively always enabled.

-- 
	Piet Beertema, CWI, Amsterdam	(piet@cwi.nl)