rickert@mp.cs.niu.edu (Neil Rickert) (12/07/90)
In article <109958@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>I consider non-superuser chown(2)s harmful. They screw up anyone who's
>trying to do post-facto disk accounting or pre-emptive disk quotas.
>
>It also ruffles my security feathers. Various programs realize that they
>shouldn't source config files owned by someone other than the current
>user, such as vi and the csh. If I make a /tmp/.exrc, and someone cd's to

I wonder whether 'sendmail' checks for this. If the system aliases
file contains :include:/path/name as an alias, when the alias is
expanded 'sendmail' uses the permissions of the owner of the :include:
file for aliases such as "|program". (permission of daemon for a root
owner).

If SystemV versions of 'sendmail' don't change this, and allow giving
away files, then anyone given access to manage a mailing list has almost
carte-blanche to execute programs as other people.

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert@cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115. +1-815-753-6940
peter@ficc.ferranti.com (Peter da Silva) (12/08/90)
In article <1990Dec7.032340.13531@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
> I wonder whether 'sendmail' checks for this. If the system aliases
> file contains :include:/path/name as an alias, when the alias is
> expanded 'sendmail' uses the permissions of the owner of the :include:
> file for aliases such as "|program".

That's a bug in sendmail. Is anyone surprised? After all, you can always
fake it out by sending mail to your target with appropriate lines in it,
then set your aliases file to point to their mailbox file
(/usr/mail/user)...

Who else can think of a hole like this?

> If SystemV versions of 'sendmail' ...

What a horrible idea!

--
Peter da Silva.   `-_-'
+1 713 274 5180.   'U`
peter@ferranti.com
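An administrator's audit of the :include: behaviour discussed in this thread, as an added example that is not part of the original posts and is not sendmail's own code. The function names, the trusted-uid set and the simplified aliases parsing are assumptions made for illustration; it reports which uid owns each :include: file and who else could change it.

```python
import os
import re
import stat

INCLUDE_RE = re.compile(r':include:\s*([^\s,"]+)')
PIPE_RE = re.compile(r'(?:^|[\s,])"?\|')   # an entry of the form |program or "|program"

def parse_includes(aliases_text):
    """Return (alias, path) for every :include: target in aliases-file text."""
    pairs, alias = [], None
    for raw in aliases_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue                              # blank line or comment
        if raw[0] in ' \t':
            body = raw                            # continuation of previous alias
        else:
            alias, _, body = raw.partition(':')
            alias = alias.strip()
        pairs.extend((alias, path) for path in INCLUDE_RE.findall(body))
    return pairs

def audit_include(path, trusted_uids=(0,)):
    """Return (owner_uid, findings) for one :include: file."""
    st = os.stat(path)
    findings = []
    if st.st_uid not in trusted_uids:             # owner decides whose permissions apply
        findings.append('owner uid %d is not in the trusted set' % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append('file is writable by group or others')
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append('parent directory is world-writable without sticky bit')
    with open(path, errors='replace') as fh:
        if any(PIPE_RE.search(line) for line in fh):
            findings.append('list contains a "|program" entry')
    return st.st_uid, findings

def audit_aliases(aliases_text, trusted_uids=(0,)):
    """Audit every :include: file referenced by the aliases text."""
    report = []
    for alias, path in parse_includes(aliases_text):
        try:
            uid, findings = audit_include(path, trusted_uids)
        except OSError as exc:
            uid, findings = None, ['cannot stat or read: %s' % exc.strerror]
        report.append((alias, path, uid, findings))
    return report
```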