Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!agate!bionet!apple!voder!pyramid!prls!mips!sultra!dtynan
From: dtynan@sultra.UUCP (Der Tynan)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Internet VIRUS alert
Message-ID: <2624@sultra.UUCP>
Date: 8 Nov 88 03:01:59 GMT
References: <8811052345.AA18501@okeeffe.Berkeley.EDU>
Organization: Tynan Computers, Sunnyvale, CA
Lines: 31

In article <8811052345.AA18501@okeeffe.Berkeley.EDU>, bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic) writes:
> 
> > Does sendmail have the ability
> > of receiving mail for a process?  If so, this is the biggest security
> > hole I have heard about in a long time.
> 
> The problem is the implementation, not the concept.  Receiving mail
> for a process is extremely useful.  Three examples, first, a daemon
> program that automatically files bug reports.  Two, a program that
> replies that you've gotten the mail, but aren't reading it because
> you're on vacation.  Three, a program that takes mail and gateways
> it to network news groups.
> 
> --keith

I agree with the first poster.  It is a BIG security hole.  I can understand
the justification for piping incoming mail to a process, but this should be
done via the 'aliases' file, not the To: line.  If I can send mail

	To: "|program"

Then why have a /bin/login at all?  This gives me ultimate access to the
machine, without ever needing an account.  If all I can do, is send mail to
an alias, which is in turn, a process, then the final control is from the
person who owns the '/usr/lib/aliases' file.  Perhaps I'm missing something,
but it seems to me, that this is the way the worm propagated.
						- Der
-- 
	dtynan@Tynan.COM  (Dermot Tynan @ Tynan Computers)
	{apple,mips,pyramid,uunet}!zorba.Tynan.COM!dtynan

 ---  God invented alcohol to keep the Irish from taking over the planet  ---