Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uwm.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.wizards
Subject: Re: DON'T USE 'FU/usr/lib/uucp/L.sys' in sendmail.cf
Message-ID: <1991Apr3.142143.6478@mp.cs.niu.edu>
Date: 3 Apr 91 14:21:43 GMT
References: <3449@unisoft.UUCP> <1991Mar27.204357.17066@mp.cs.niu.edu> <3250@charon.cwi.nl>
Organization: Northern Illinois University
Lines: 28

In article <3250@charon.cwi.nl> piet@cwi.nl (Piet Beertema) writes:
>
> As stated earlier, it is potentially dangerous to use 'F' lines in
> sendmail.cf to read sensitive files, such as /usr/lib/uucp/L.sys
> (or whatever your UUCP systems file is called).
>
>Depends. If you're running 5.64 or older *and* if
>you do *not* have
>#define SCANF 1
>in your conf.h, then indeed sensitive information
>can end up in your frozen config file.

In my original posting, I warned that making the freeze file mode 600 is not a guaranteed protection, since a core dump will also contain a copy of the sensitive information.

A number of people have suggested that a core dump is impossible, since sendmail runs with effective uid of root, so cannot be sent a core dumping signal. This, however, is erroneous. Normally sendmail begins with an effective uid of root, but it can change its uid during processing. In particular there are many choices of command line parameters which will cause sendmail to relinquish its suid privileges after it has read its configuration.

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               Northern Illinois Univ.
  DeKalb, IL 60115                                       +1-815-753-6940
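A small audit script for the hazard discussed in this thread, added here as an example and not part of the original posting or of sendmail itself: it parses the old-style `F` (class-from-file) lines of a sendmail.cf and reports which of them pull a file from a list of paths the administrator considers sensitive. The sample configuration is constructed, the class and path names in it are assumptions, and the only sensitive path built in is the one the thread names, `/usr/lib/uucp/L.sys`; any other file (such as whatever your UUCP systems file is called) is passed in by the caller. The point of the check is the one made above: whatever an `F` line reads is held in sendmail's memory, so it can be written into a frozen configuration file and into a core dump taken after sendmail has dropped its root privileges, regardless of the permissions on the freeze file.

```python
import re
from typing import List, NamedTuple, Sequence

# Constructed sample of old-style (single-character class) sendmail.cf lines.
# The class letters and file names here are assumptions for illustration.
SAMPLE_CF = """\
# sendmail.cf fragment (constructed sample, not a real configuration)
Cwlocalhost
Fw/etc/sendmail.cw
FU/usr/lib/uucp/L.sys %[^ \\t]
FL/usr/lib/sendmail.hosts
DjFoo.example
"""

# The one sensitive path named in the thread. Callers add their own.
L_SYS = "/usr/lib/uucp/L.sys"


class FileClass(NamedTuple):
    name: str   # single-character class name (old sendmail.cf syntax)
    path: str   # file whose lines are loaded into the class
    fmt: str    # optional scanf(3) format following the path, "" if absent


# F<class><path>[ <scanf format>] : class definition read from a file
_F_LINE = re.compile(r"^F(?P<name>\S)(?P<path>\S+)(?:\s+(?P<fmt>.*))?$")


def parse_file_classes(cf_text: str) -> List[FileClass]:
    """Return every 'F' (class-from-file) definition in a sendmail.cf text."""
    entries: List[FileClass] = []
    for raw in cf_text.splitlines():
        line = raw.rstrip()
        # Comment lines start with '#'; only lines starting with 'F' matter here.
        if not line.startswith("F"):
            continue
        m = _F_LINE.match(line)
        if m:
            entries.append(FileClass(m["name"], m["path"], (m["fmt"] or "").strip()))
    return entries


def flag_sensitive(entries: Sequence[FileClass],
                   sensitive_paths: Sequence[str] = (L_SYS,)) -> List[FileClass]:
    """Return the F entries whose source file is on the sensitive list.

    The contents of each listed file sit in sendmail's class table, so they
    can be copied into a frozen configuration file and into any core dump
    produced after sendmail has read its configuration.
    """
    sensitive = set(sensitive_paths)
    return [e for e in entries if e.path in sensitive]


def audit(cf_text: str, sensitive_paths: Sequence[str] = (L_SYS,)) -> List[str]:
    """One human-readable warning per sensitive F line (empty list when clean)."""
    return [
        f"class {e.name} is loaded from sensitive file {e.path}; "
        f"its contents may appear in the frozen config and in core dumps"
        for e in flag_sensitive(parse_file_classes(cf_text), sensitive_paths)
    ]


if __name__ == "__main__":
    for warning in audit(SAMPLE_CF) or ["no sensitive F lines found"]:
        print(warning)
```

Run it against a real sendmail.cf with `audit(open("/usr/lib/sendmail.cf").read(), sensitive_paths)`; a non-empty result means the file should be served to sendmail some other way (a world-readable extract containing only the host names, for instance) rather than relying on the mode of the freeze file.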