Saw this one elsewhere and don't think it was crossposted to here or security groups yet: From: martin2@sueton.ida.ing.tu-bs.de (Martin Bartosch) Subject: Security hole in smail - be careful! Followup-To: comp.os.linux.misc Summary: Security hole in smail. Keywords: security hole, smail, debugging Reply-To: martin@koma.escape.de Organization: TU Braunschweig, Informatik (Bueltenweg), Germany Date: Thu, 6 Oct 1994 14:57:37 GMT Hi, last night I discovered a potential danger to all sites that run smail. A quick check on some other sites (thanks to the folks on #linux) revealed that most systems are affected by this. Essentially, the smail bug will allow ordinary users to create files anywhere they want to: Assume /usr/lib/sendmail is a softlink to /usr/bin/smail. $ /usr/lib/sendmail -d -D/etc/i_am_broken noone@universe $ ls -l /etc/i_am* Be aware of this. Some sites even come up with permissions rw-rw-rw-! This behaviour is not affected by -smtp-debug. Just my $0.02. Martin. -- Dan