Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!cbatt!ihnp4!cuae2!ltuxa!ttrdc!levy
From: levy@ttrdc.UUCP
Newsgroups: net.sources.bugs
Subject: Re: Security hole in smail 2.3's handling of ~/.forward
Message-ID: <1519@ttrdc.UUCP>
Date: Sun, 22-Feb-87 01:36:42 EST
Article-I.D.: ttrdc.1519
Posted: Sun Feb 22 01:36:42 1987
Date-Received: Mon, 23-Feb-87 03:27:58 EST
References: <3150@osu-eddie.UUCP>
Organization: AT&T, Computer Systems Division, Skokie, IL
Lines: 26

In article <3150@osu-eddie.UUCP>, karl@osu-eddie.UUCP writes:
>The posting of smail 2.3 has a large security hole in mail delivery
>with regard to the use of ~/.forward files. 
>
>[code]
>
>This is not sufficiently careful.  It has not checked for things like
>.forward being writable a non-owner of the file, a transparent
>security hole.  I also recommend that checks be done on the home
>directory to see that it, too, is writable only by the owner, lest
>some cracker "give" you a .forward file, and suddenly you stop getting
>mail without knowing why.
>-- 
>Karl

And not only check the home directory, but the one above it, and the one
above that, etc....  (gee you can have such fun if some careless sysadmin
leaves / world writeable).
-- 
 -------------------------------    Disclaimer:  The views contained herein are
|            dan levy            |  my own and are not at all those of my em-
|         an engihacker @        |  ployer or the administrator of any computer
| at&t computer systems division |  upon which I may hack.
|        skokie, illinois        |
 --------------------------------   Path: ..!{akgua,homxb,ihnp4,ltuxa,mvuxa,
                                        allegra,ulysses,vax135}!ttrdc!levy