How does sendmail get UUCP host names?

The Grey Wolf greywolf at unisoft.UUCP
Wed Mar 27 09:58:22 AEST 1991


/* <1991Mar12.171523.30268 at mp.cs.niu.edu> by rickert at mp.cs.niu.edu (Neil Rickert)
 * 
 * [I have added comp.mail.sendmail to the newsgroups, because of the importance
 * of this issue.  :nwr]
 * 
 *  For the time being, I will not spell it out.  The bug is not in 'sendmail',
 * but in any use in 'sendmail.cf' of an 'F' line which requires sendmail to
 * read a file such as L.sys which contains confidential information.
 * DON'T DO IT.

Smart move.

 *
 * Making the freeze file mode 600, or running without a freeze file is at
 * best a partial solution.

I will now close my eyes so the room will be empty.

 *
 * It prevents the direct attack of 'strings sendmail.fc'.  But someone
 * familiar with the workings of sendmail CAN coerce it into taking a publicly
 * readable core dump which is likely to contain a copy of the confidential
 * information.  And it does not require root privileges to do this.
 *

Um, pardon, but it *does* require root permission to generate a core dump
from a setuid-root executable%.  Never mind that making /usr/lib/uucp/L.sys
part of the configuration via an F line is not a smart move.
This hole must be *really* obscure.  {flaming? send me mail.}


 * 
 * -- 
 * =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
 *   Neil W. Rickert, Computer Science               <rickert at cs.niu.edu>
 *   Northern Illinois Univ.
 *   DeKalb, IL 60115                                   +1-815-753-6940


% Under any *reasonable* kernel, this is true:  A core can only be generated
  if the invoking uid and the real uid are identical, and even then only if
  the executable has read permission.  This goes out the window if you're
  the super-user.



More information about the Comp.unix.questions mailing list