Another Sendmail security problem
Jim Haynes
haynes at ucbarpa.Berkeley.EDU
Sun Apr 30 04:28:35 AEST 1989
In article <FLEE.89Apr28231830 at shire.cs.psu.edu> flee at shire.cs.psu.edu (Felix Lee) writes:
>
>Our Sendmail under SunOS 4.0 will apparently run "|program" recipients
>with arbitrary uids. I've been unable to duplicate this with Sendmail
>5.59 running on a Vax, but this may be a vagary of configuration.
>
Hmmm, one thing in common between your Sun and our ISI is that they are
MC68000 machines (or is your Sun a Sun4?) and hence have the opposite byte
order to VAXen. Another fact I should have mentioned is that our ISI
machine tends to be very heavily loaded much of the time. So maybe
there's something in there that is unwittingly sensitive to byte order;
or maybe it depends on some bug that is more probable when the system is
heavily loaded.
haynes at ucscc.ucsc.edu haynes at ucscc.bitnet ...ucbvax!ucscc!haynes
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chronicle
More information about the Comp.unix.wizards
mailing list