Path: utzoo!utgpu!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Internet VIRUS alert
Message-ID: <410@auspex.UUCP>
Date: 7 Nov 88 18:14:30 GMT
References: <8811052345.AA18501@okeeffe.Berkeley.EDU>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 19


 >> Does sendmail have the ability
 >> of receiving mail for a process?  If so, this is the biggest security
 >> hole I have heard about in a long time.
 >
 >The problem is the implementation, not the concept.  Receiving mail
 >for a process is extremely useful.  Three examples, first, a daemon
 >program that automatically files bug reports.  Two, a program that
 >replies that you've gotten the mail, but aren't reading it because
 >you're on vacation.  Three, a program that takes mail and gateways
 >it to network news groups.

Or, putting it another way, the hole exploited by the worm was not the
mere ability of "sendmail" to deliver mail to a process; it was the fact
that a remote host could force "sendmail" to deliver incoming mail to a
process running a command *specified by the remote host*.  There may
well be some security hole caused by the ability of the *receiving* host
to specify that mail to "4bsd-bugs" be sent to the "bugfiler" program,
but that's a different matter.