Re: sendmail exploit script - resend

smb@research.att.com
Mon, 28 Mar 94 14:51:37 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mitch Wright: "Re: /etc/utmp"
Previous message: Rik Farrow: "Re: sendmail exploit script - resend"
In reply to: Bonfield James: "Re: sendmail exploit script - resend"
Next in thread: Jean Chouanard: "Re: sendmail exploit script - resend"

>Does anyone know quite what the logic behind these shell checks are? They're
>just a pain and a stumbling block that are trivial to work around. Is it only
>Sun derived things that do this?

The ``feature'' was installed because of setuid programs that unwisely
let the shell do things, i.e., uucp.  The rationale was to protect such
programs by having the shell revert to the user's uid.

No, I don't agree, and I didn't agree then.  But Korn got a lot of
pressure from others.

Next message: Mitch Wright: "Re: /etc/utmp"
Previous message: Rik Farrow: "Re: sendmail exploit script - resend"
In reply to: Bonfield James: "Re: sendmail exploit script - resend"
Next in thread: Jean Chouanard: "Re: sendmail exploit script - resend"