How does sendmail get UUCP host names?
Neil Rickert
rickert at mp.cs.niu.edu
Wed Mar 13 03:15:23 AEST 1991
In article <1991Mar12.143810.7383 at hollie.rdg.dec.com> jch at hollie.rdg.dec.com (John Haxby) writes:
>
>In article <1991Mar12.130319.14972 at mp.cs.niu.edu>, rickert at mp.cs.niu.edu (Neil Rickert) writes:
>|> Mode 600 prevents someone running 'strings' on the freeze file. But it is
>|> pretty easy to coax 'sendmail' into generating a core dump owned by the person
>|> who invokes 'sendmail', and all the same information should be there. This
>|> risk is also present if you don't use a freeze file.
>
>How? sendmail catches the quit signal and you can't send it
>your favourite core-dumping signal unless you are root.
>Unless you have a dead-cert bug that makes sendmail
>drop core every time ....
[I have added comp.mail.sendmail to the newsgroups, because of the importance
of this issue. :nwr]
Must I spell out the details of a security problem you may have inflicted
on your users? That would only open up the problem further for everyone to
see and perhaps take advantage of.
For the time being, I will not spell it out. The bug is not in 'sendmail',
but in any use in 'sendmail.cf' of an 'F' line which requires sendmail to
read a file such as L.sys which contains confidential information.
DON'T DO IT.
Making the freeze file mode 600, or running without a freeze file is at best
a partial solution. It prevents the direct attack of
'strings sendmail.fc'. But someone familiar with the workings of sendmail
CAN coerce it into taking a publicly readable core dump which is likely
to contain a copy of the confidential information. And it does not require
root privileges to do this.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert at cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
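The mitigation the post points at, kept out of the participants' words and added here as an editor's example (not code from the original thread): never point a sendmail.cf 'F' line at L.sys itself. Instead, publish a separate file that holds nothing but the UUCP system names, and let the 'F' line read that. The script below assumes an L.sys layout in which the system name is the first whitespace-separated field of every non-comment line, and it chooses the output path /etc/uucp.hosts and class letter U (so sendmail.cf would carry `FU/etc/uucp.hosts`); both are this example's choices, not anything the post prescribes. The sample L.sys is constructed, with placeholder login fields.

```shell
#!/bin/sh
# Added example: build a host-name-only class file for sendmail so that no
# 'F' line in sendmail.cf has to open the confidential L.sys. Whatever ends
# up in a freeze file or a core image is then just a list of host names.

# Print the unique system names from an L.sys-style file. Comment lines,
# blank lines and every field after the first (device, phone number, chat
# script with login/password) are dropped before anything leaves this shell.
extract_uucp_hosts() {
    awk '!/^[[:space:]]*#/ && NF > 0 { print $1 }' "$1" | sort -u
}

# Write the sanitized list to $2 (mode 0644, atomically via rename), e.g.
#   publish_uucp_hosts /usr/lib/uucp/L.sys /etc/uucp.hosts
# run from root's crontab whenever L.sys changes. Only $2 is referenced
# from sendmail.cf; L.sys itself stays mode 600 and is never read by sendmail.
publish_uucp_hosts() {
    umask 022
    tmp="$2.tmp.$$"
    extract_uucp_hosts "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv -f "$tmp" "$2"
}

# Constructed sample L.sys for demonstration only; login fields are placeholders.
make_sample_lsys() {
    f="${TMPDIR:-/tmp}/lsys.sample.$$"
    cat > "$f" <<'EOF'
# system  time  device  speed  phone      chat script (confidential)
uunet     Any   ACU     1200   5550100    ogin:--ogin: Uuucp ssword: PLACEHOLDER1
decvax    Night ACU     2400   5550199    ogin: nuucp ssword: PLACEHOLDER2

uunet     Any   ACU     2400   5550101    ogin: Uuucp ssword: PLACEHOLDER1
EOF
    chmod 600 "$f"
    echo "$f"
}
```

Because sendmail now reads only the published host list, the file it embeds in a freeze file or leaves behind in a core image contains no phone numbers or login scripts; the same idea applies to any other 'F' line that would otherwise open a file with secrets in it.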