non-superuser chown(2)s considered harmful
Peter da Silva
peter at ficc.ferranti.com
Sat Dec 8 10:02:50 AEST 1990
In article <1990Dec7.032340.13531 at mp.cs.niu.edu> rickert at mp.cs.niu.edu (Neil Rickert) writes:
> I wonder whether 'sendmail' checks for this. If the system aliases
> file contains :include:/path/name as an alias, when the alias is
> expanded 'sendmail' uses the permissions of the owner of the :include:
> file for aliases such as "|program".
That's a bug in sendmail. Is anyone surprised?
After all, you can always fake it out by sending mail to your target with
appropriate lines in it, then set your aliases file to point to their mailbox
file (/usr/mail/user)...
Who else can think of a hole like this?
> If SystemV versions of 'sendmail' ...
What a horrible idea!
--
Peter da Silva. `-_-'
+1 713 274 5180. 'U`
peter at ferranti.com
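
Added example, not part of the original post or of sendmail: a defensive audit for the behaviour quoted above, where "|program" entries in an :include: file run with the permissions of the file's owner. It lists each :include: file named in an aliases file, the owner uid, and any program deliveries. The names audit_aliases and trusted_uids, the choice of uid 0 as the only trusted owner, and the simplified alias parsing are assumptions.

```python
import os
import re
import stat

# Matches ":include:/path" inside an alias definition (simplified syntax).
INCLUDE_RE = re.compile(r':include:\s*(/[^\s,"]+)')

def include_paths(aliases_text):
    """Return every :include: file path named in an aliases file."""
    paths = []
    for line in aliases_text.splitlines():
        if not line.lstrip().startswith("#"):   # skip comment lines
            paths.extend(INCLUDE_RE.findall(line))
    return paths

def program_entries(include_text):
    """Return the "|program" deliveries in an :include: file.
    Simple comma/newline split; quoted commas are not handled."""
    entries = []
    for item in re.split(r"[,\n]", include_text):
        item = item.strip().strip('"')
        if item.startswith("|"):
            entries.append(item)
    return entries

def audit_aliases(aliases_text, trusted_uids=frozenset({0})):
    """Flag :include: files whose owner or mode lets a non-admin decide
    which programs run, and report the uid they would run as."""
    findings = []
    for path in include_paths(aliases_text):
        try:
            st = os.stat(path)
            with open(path) as fh:
                programs = program_entries(fh.read())
        except OSError as exc:
            findings.append({"path": path,
                             "issues": ["unreadable: %s" % exc.strerror]})
            continue
        issues = []
        if st.st_uid not in trusted_uids:
            issues.append("untrusted-owner")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            issues.append("writable-by-non-owner")
        if issues or programs:
            findings.append({"path": path, "owner_uid": st.st_uid,
                             "programs": programs, "issues": issues})
    return findings
```

On a system where non-superusers may chown(2) files away, the owner uid reported here does not prove who wrote the file, so every finding with a non-empty programs list deserves a manual look.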