Re: From the moderator: READ Please

smb@research.att.com
Mon, 22 May 95 14:13:02 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Julian Assange: "Muffett's AuotHack"
Previous message: Scott Barman: "Re: Solaris 2.x utmp hole"
Maybe in reply to: Scott Chasin: "From the moderator: READ Please"
Next in thread: Robert M. Haas: "Re: From the moderator: READ Please"

	 1) Some new releases of sendmail install the program as group kmem.

	 I can't see any good reason for this, if I'm wrong please
	 correct me. This group is dangerous, because it is able to
	 read the kernel and physical memory.  I was able to get a
	 shell as group kmem via the old ident bug, and to find some
	 fragments of the shadow passwords file in the kernel memory.
	 Newer bug s may give the same opportunity.

Sendmail tries to determine the load average of the machine; on some
platforms, the only way to do that is by reading /dev/kmem.  That doesn't
change the fact that it's stupid to give sendmail that much power.  (On
the other hand, it's already setuid root; what does yet one more
privilege matter....?)

Next message: Julian Assange: "Muffett's AuotHack"
Previous message: Scott Barman: "Re: Solaris 2.x utmp hole"
Maybe in reply to: Scott Chasin: "From the moderator: READ Please"
Next in thread: Robert M. Haas: "Re: From the moderator: READ Please"