Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!pacbell.com!ucsd!brian
From: brian@ucsd.Edu (Brian Kantor)
Newsgroups: comp.mail.sendmail
Subject: Re: Problems with sendmail-5.65c+IDA 1.4.4
Message-ID: <36658@ucsd.Edu>
Date: 30 Jun 91 22:08:28 GMT
References: <1991Jun30.083151.16887@ircam.fr> <1991Jun30.192430.6193@agate.berkeley.edu>
Organization: The Avant-Garde of the Now, Ltd.
Lines: 12

wisner@mica.Berkeley.EDU (Bill Wisner) writes:
>>3.  newaliases is executable by *any* user, no matter what the permissions on
>>    the aliases and aliases.{dir,pag} files are.
>Why is this a problem?  If users can't edit the aliases file, they
>can't do any damage with newaliases -- just make sure the database
>is up-to-date.

Actually, it allows a denial-of-service attack by a user on your
machine, during which mail will not flow, and after which, your load
average will skyrocket.  Not too serious as such things go, but it can
be REAL annoying.
	- Brian