one smail bug

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: James W. Abendschan: "Re: SMAIL"
• Previous message: James Seng: "Re: SMAIL"

Saw this one elsewhere and don't think it was crossposted to here or security
groups yet:

From: martin2@sueton.ida.ing.tu-bs.de (Martin Bartosch)
Subject: Security hole in smail - be careful!
Followup-To: comp.os.linux.misc
Summary: Security hole in smail.
Keywords: security hole, smail, debugging
Reply-To: martin@koma.escape.de
Organization: TU Braunschweig, Informatik (Bueltenweg), Germany
Date: Thu, 6 Oct 1994 14:57:37 GMT

Hi,

last night I discovered a potential danger to all sites that run smail.
A quick check on some other sites (thanks to the folks on #linux)
revealed that most systems are affected by this.

Essentially, the smail bug will allow ordinary users to create files
anywhere they want to:


Assume /usr/lib/sendmail is a softlink to /usr/bin/smail.

$ /usr/lib/sendmail -d -D/etc/i_am_broken noone@universe
$ ls -l /etc/i_am*

Be aware of this. Some sites even come up with permissions rw-rw-rw-!
This behaviour is not affected by -smtp-debug.


				Just my $0.02.

					Martin.

--

Dan

• Next message: James W. Abendschan: "Re: SMAIL"
• Previous message: James Seng: "Re: SMAIL"