Xref: utzoo comp.mail.misc:4144 comp.unix.shell:582
Path: utzoo!attcan!uunet!know!sdd.hp.com!wuarchive!julius.cs.uiuc.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.mail.misc,comp.unix.shell
Subject: Re: Shell scripts from smail/sendmail - strange behavior
Message-ID: <1990Oct15.163134.1751@mp.cs.niu.edu>
Date: 15 Oct 90 16:31:34 GMT
References: <1990Oct14.135213.28213@athena.mit.edu> <1990Oct14.194452.13627@mp.cs.niu.edu> <1990Oct14.224615.6178@athena.mit.edu>
Organization: Northern Illinois University
Lines: 36

In article <1990Oct14.224615.6178@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
> First of all, my name is Kamens, not Kamen. But that's not important right
>now :-).
>

My apologies for the typo on your name.

> Second, I didn't see the point in mentioning this before, but if you're
>going to start debating, I might as well -- the behavior I have described is a
>GAPING and KNOWN security hole in sendmail. I can, on many (if not most)
>systems, pretty much run any program as any user if I have an account on the
>system and its sendmail behaves as I've described.
>

I thought we were discussing programs invoked due to an entry in the aliases file. I fully agree that having a publicly writeable aliases file is a security hazard.

> "Extensive sender checking" is EXACTLY what sendmail 5.61 DOES NOT do when
>it decides what user ID to use when running a program. And, as any somewhat
>knowledgeable Unix user should know, it's REAL easy to fake sendmail out.

This is why you should be careful about putting programs in aliases.

>That's why this functionality was removed in sendmail 5.64.

That is indeed curious. I am using a sendmail 5.64 derivative, and when I post a 'msgs', it still runs the program under my user ID. My mail is submitted by an SMTP client, so that sendmail itself is running with real uid of root at the time.

Certainly there were changes made to handling of 'uid's, but I haven't seen any evidence that "this functionality was removed in 5.64."

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science               Northern Illinois Univ.
DeKalb, IL 60115.                                  +1-815-753-6940
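A small audit script for the two hazards the exchange above turns on (an aliases file that others can edit, and alias entries that hand mail to a program). It is added here as an illustration and is not code from the thread or from sendmail: it parses aliases(5)-style text, lists the entries whose targets are a `|program` or an `:include:` file, and reports whether a file mode lets the group or the world write to it. The sample aliases text and the paths in it are constructed.

```python
import os
import stat

# Constructed sample in aliases(5) layout (not taken from the post).
# Continuation lines start with whitespace; targets are comma separated.
SAMPLE_ALIASES = """\
# constructed sample aliases file
postmaster: root
msgs: "| /usr/ucb/msgs -s"
staff: alice, bob,
       "|/usr/local/bin/archive-list",
       carol
announce: :include:/usr/local/lists/announce
"""

def parse_aliases(text):
    """Return {alias: [target, ...]} from aliases(5)-style text.

    Comment and blank lines are skipped, whitespace-led lines continue the
    previous alias, and surrounding double quotes are stripped so that
    '"| cmd"' and '|cmd' compare alike.  Commas inside a quoted target are
    not handled (simplifying assumption of this example).
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        if raw[0] in ' \t' and current is not None:
            body = raw                      # continuation of previous alias
        else:
            current, _, body = raw.partition(':')
            current = current.strip()
            entries[current] = []
        for tgt in body.split(','):
            tgt = tgt.strip().strip('"').strip()
            if tgt:
                entries[current].append(tgt)
    return entries

def program_aliases(entries):
    """Aliases that run a program or read members from an :include: file."""
    return sorted(name for name, tgts in entries.items()
                  if any(t.startswith(('|', ':include:')) for t in tgts))

def writable_by_others(mode):
    """True if the group or world write bit is set in a st_mode value."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_aliases_file(path):
    """Read an aliases file and return (program_aliases, others_can_write)."""
    with open(path) as fh:
        entries = parse_aliases(fh.read())
    return program_aliases(entries), writable_by_others(os.stat(path).st_mode)
```

Run `audit_aliases_file("/etc/aliases")` on a host to see which aliases invoke programs and whether the file's mode lets anyone but the owner change that list.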