Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!crdgw1!barnett
From: barnett@grymoire.crd.ge.com (Bruce Barnett)
Newsgroups: comp.mail.sendmail
Subject: Re: User setting From: address in sendmail input
Message-ID: <BARNETT.91Jun21093917@grymoire.crd.ge.com>
Date: 21 Jun 91 13:39:17 GMT
References: <FWP1.91Jun19183837@Jester.CC.MsState.Edu>
	<1991Jun20.022606.1680@shaman.com>
Sender: news@crdgw1.crd.ge.com
Reply-To: barnett@crdgw1.ge.com
Organization: GE Corp. R & D, Schenectady, NY
Lines: 15
In-reply-to: jiro@shaman.com's message of 20 Jun 91 02:26:06 GMT

In article <1991Jun20.022606.1680@shaman.com> jiro@shaman.com (Jiro Nakamura) writes:

> In article <FWP1.91Jun19183837@Jester.CC.MsState.Edu> fwp1@CC.MsState.Edu  
> (Frank Peters) writes:
>> I realize how easy it is to spoof via smtp.  But I would have thought this
>> case would be coverend under the sendmail.cf trusted user declarations.

>  Great security hazard. 

It is true the SunOS sendmail has this bug (allowing anyone to be
trusted). We use this bug to work aroung another bug when sending 
mail inside GNU emacs. But since it doesn't *add* any additial security
hazard, it's not that much of a problem - security wise.
--
Bruce G. Barnett	barnett@crdgw1.ge.com	uunet!crdgw1!barnett