In message <[EMAIL PROTECTED]>, Greg A. Woods writes:
> [ On Friday, May 18, 2001 at 11:18:51 (-0400), Wietse Venema wrote: ]
> > 3 - User-specified shell commands. Traditionally, a user can specify
> > any shell command in ~user/.forward, and that command will execute
> > with the privileges of that user. This requires SUPER-USER privileges
> > in the mail delivery software itself or in mail helper software.
>
> Oh, OK, you've got me on that one! ;-)
>
> I was trying very carefully to avoid that particular pit of snakes, but
> I suppose I should have known it was inevitable that someone would find
> me out eventually!

A small helper program to handle shell command .forward files would be
a lot more secure than an MTA performing the deed. It's not a perfect
solution but is a lot better than what we've got now for the simple
reason that a smaller program is easier to audit and thus generally
more secure than a larger, more complex program.

Regards,                       Phone: (250)387-8437
Cy Schubert                    Fax: (250)387-5766
Team Leader, Sun/Alpha Team    Internet: [EMAIL PROTECTED]
Open Systems Group, ITSD, ISTA
Province of BC

Re: Mail delivery privileges (was: Solaris /usr/bin/mailx exploit)
Cy Schubert - ITSD Open Systems Group Sat, 19 May 2001 18:09:32 -0700
