Path: utzoo!utgpu!cunews!bnrgate!brchh104!brchs1!bnr.ca!rice.edu!sun-spots-request
From: stanonik@nprdc.navy.mil
Newsgroups: comp.sys.sun
Subject: sendmail OR hole?
Keywords: No Digest Subjects during Flush
Message-ID: <3919@brchh104.bnr.ca>
Date: 27 Jun 91 20:22:00 GMT
Sender: news@brchh104.bnr.ca
Organization: Sunspots, Flush Mode
Lines: 14
Approved: sun-spots@rice.edu
X-Original-Date:    10 June 1991 1406-PDT (Monday)

As distributed sunos4.1.1 seems to allow forging mail.  The
distributed sendmail.cf has an OR line, which seems to allow
anyone to use the -f flag on clients nfs mounting /usr/spool/mail.
We're running a relatively stock system, so I don't believe
we've contributed to this problem.

We stumbled upon this because of an apparent gnu emacs bug
which was turning the CC line into the sender; ie, replies
were coming from the person being replied to.  Amusing but
confusing.

Ron Stanonik
stanonik@nprdc.navy.mil