How does sendmail get UUCP host names?

Neil Rickert rickert at mp.cs.niu.edu
Wed Mar 13 03:15:23 AEST 1991


In article <1991Mar12.143810.7383 at hollie.rdg.dec.com> jch at hollie.rdg.dec.com (John Haxby) writes:
>
>In article <1991Mar12.130319.14972 at mp.cs.niu.edu>, rickert at mp.cs.niu.edu (Neil Rickert) writes:
>|>  Mode 600 prevents someone running 'strings' on the freeze file.  But it is
>|> pretty easy to coax 'sendmail' in to generating a core dump owned by the person
>|> who invokes 'sendmail', and all the same information should be there.  This
>|> risk is also present if you don't use a freeze file.
>
>How?  sendmail catches the quit signal and you can't send it
>your favourite core-dumping signal unless you are root.
>Unless you have a dead-cert bug that makes sendmail
>drop core every time ....

[I have added comp.mail.sendmail to the newsgroups, because of the importance
of this issue.  :nwr]

 Must I spell out the details of a security problem you may have inflicted
on your users?  That would only open up the problem further for everyone to
see and perhaps take advantage of.

 For the time being, I will not spell it out.  The bug is not in 'sendmail',
but in any use in 'sendmail.cf' of an 'F' line which requires sendmail to
read a file such as L.sys which contains confidential information.
DON'T DO IT.

 Making the freeze file mode 600, or running without a freeze file is at best
a partial solution.  It prevents the direct attack of
'strings sendmail.fc'.  But someone familiar with the workings of sendmail
CAN coerce it into taking a publicly readable core dump which is likely
to contain a copy of the confidential information.  And it does not require
root privileges to do this.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert at cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940



More information about the Comp.unix.questions mailing list