[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the security hole reported in Sendmail

To: zmailer@cs.toronto.edu
Subject: the security hole reported in Sendmail
From: Rayan Zachariassen <rayan@cs.toronto.edu>
Date: Wed, 10 Nov 1993 09:28:35 +0200
Cc: firewalls@greatcircle.com


I've heard from a couple of people that they can recreate the current Sendmail
bug in their ZMailer setup.

I have NOT been able to recreate any security problem on the two zmailer
systems I have tried, both running relatively aged versions.

It is of course possible I don't understand the Sendmail trick, but
I doubt it (I've seen logs sent to CERT, and I used to know it - I thought
everyone did).  I suspect the reporters of the problem inadvertently did
something rash, like make error messages have a real account as Sender:
or From: whose privileges are then propagated to any addresses sent to.
The default Sender: in error message texts is "mailer-daemon" for this
reason among others.

ZMailer out of the box is very paranoid about security, and this trick
and others like it were considered during the design of the per-address
privilege assignment and carryover rules.  But then, it is just a tool.

rayan

Prev by Date: just thought y'all might be interested in this thread...
Next by Date: List Problems ...
Prev by thread: just thought y'all might be interested in this thread...
Next by thread: List Problems ...
Index(es):
- Date
- Thread