How does sendmail get UUCP host names?
Neil Rickert
rickert at mp.cs.niu.edu
Tue Mar 12 23:03:19 AEST 1991
In article <1991Mar12.102259.1777 at hollie.rdg.dec.com> jch at hollie.rdg.dec.com (John Haxby) writes:
>
>In article <1991Mar12.035457.18829 at mp.cs.niu.edu>, rickert at mp.cs.niu.edu (Neil Rickert) writes:
>|> (A particulary undesirable approach uses
>|> FU/usr/lib/uucp/L.sys
>|> which has the wonderful effect of putting all passwords in L.sys into
>|> the freeze file, and into an core dumps from sendmail).
>
>Except that sendmail makes sure the freeze file
>is mode 600 ... we like to fix security holes.
Mode 600 prevents someone running 'strings' on the freeze file. But it is
pretty easy to coax 'sendmail' in to generating a core dump owned by the person
who invokes 'sendmail', and all the same information should be there. This
risk is also present if you don't use a freeze file.
A much safer approach is to run 'uuname' into a file, and use that file
in an F line in 'sendmail.cf'. The whole thing can be run from a makefile
which redoes the 'uuname' if L.sys changes, then rebuilds the freeze file
if the file containing 'uuname' output changes. (With a little care in
preparing a suitable shell script, you can have the 'make' also kill and
restart the sendmail daemon when the freeze file changes.)
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert at cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
More information about the Comp.unix.ultrix
mailing list