Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!oliveb!intelca!mipos3!merlyn
From: merlyn@intelob.biin.com (Randal L. Schwartz @ Stonehenge)
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail worm fix (1)
Summary: Not safe!
Message-ID: <3210@mipos3.intel.com>
Date: 21 Nov 88 20:59:53 GMT
References: <16970.8811071716@sophocles.doc.ic.ac.uk>
Sender: news@mipos3.intel.com
Reply-To: merlyn@intelob.biin.com (Randal L. Schwartz @ Stonehenge)
Organization: Stonehenge; netaccess via BiiN, Hillsboro, Oregon, USA
Lines: 23
In-reply-to: jac@doc.ic.ac.uk (Jim Crammond)

In article <16970.8811071716@sophocles.doc.ic.ac.uk>, jac@doc (Jim Crammond) writes:
|
| [ I use the debug option for testing, therefore rather than disable it
| I changed the "debug" command to a 3 letter command which does not
| show up with strings(1). The sendmail binary is not readable by
| ordinary users so I think this is reasonably safe. -Jim. ]

Eeek. Any newsreader/creative-hacker on your system (or any system that
can open your smtp port) can just try a quick-and-dirty program to cycle
through all 26**3 three-alpha-char commands with very little time between
tries. Not smart. Not only that, but the tries won't be logged. At one
second per try (very slow system, it'll be better than that), you're
looking at only 5 hours of attempts. And you just told them that it is
there.

Beefing up security should not be attempted by the uninformed.

-- 
Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095
on contract to BiiN Technical Information Services (for now :-),
in a former Intel building in Hillsboro, Oregon, USA.
or ...!tektronix!inteloa[!intelob]!merlyn    SOME MAILERS REQUIRE GRRRRR!
Standard disclaimer: I *am* my employer!
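Randal's objection rests on two facts: the renamed command lives in a keyspace of 26**3 guesses, and the guesses leave no trace. The following added example (mine, not part of the thread or of sendmail) puts numbers on the first point and shows the defender's answer to the second: a small detector that reads a log of rejected SMTP commands and flags any client that issues a burst of unrecognized commands. The log format ("<timestamp> <client> UNKNOWN-CMD <command>") is constructed for the example and is not sendmail's; it assumes an MTA that logs unrecognized commands at all, which the post notes the 1988 sendmail did not. The sample log lines, client addresses and probe commands are likewise constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct commands of the given length over the alphabet
    (the post's case: 26 letters, 3 characters)."""
    return alphabet_size ** length


def hours_to_exhaust(alphabet_size: int, length: int, seconds_per_try: float) -> float:
    """Wall-clock hours to try every command once at a fixed rate."""
    return keyspace_size(alphabet_size, length) * seconds_per_try / 3600.0


# Constructed log format for this example (not sendmail's):
#   <ISO-8601 timestamp> <client address> UNKNOWN-CMD <rejected command>
LOG_LINE = re.compile(r"^(\S+) (\S+) UNKNOWN-CMD (\S+)$")


def parse_line(line: str):
    """Return (timestamp, client, command) or None for lines that do not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_command_scanners(lines, window_seconds: int = 60, threshold: int = 20) -> dict:
    """Sliding-window count of unrecognized commands per client.

    Returns {client: peak count within any window_seconds interval} for
    clients whose peak reaches threshold. Lines are expected in time order.
    """
    windows = defaultdict(deque)   # client -> timestamps inside the current window
    peaks = defaultdict(int)       # client -> highest count seen in one window
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # ignore malformed or unrelated lines
        ts, client, _cmd = parsed
        q = windows[client]
        q.append(ts)
        # drop timestamps that have aged out of the window
        while q and (ts - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        peaks[client] = max(peaks[client], len(q))
    return {c: n for c, n in peaks.items() if n >= threshold}


def _constructed_sample() -> list:
    """Constructed log: one client issues 25 three-letter commands a second
    apart, another client mistypes a single command."""
    base = datetime(1988, 11, 21, 20, 59, 0)
    lines = []
    for i in range(25):
        probe = chr(ord("A") + i % 26) * 3        # AAA, BBB, ... (constructed)
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 UNKNOWN-CMD {probe}")
    ts = base + timedelta(seconds=30)
    lines.append(f"{ts.isoformat()} 192.0.2.9 UNKNOWN-CMD HELO5")
    return lines


SAMPLE_LOG = _constructed_sample()


if __name__ == "__main__":
    print("keyspace:", keyspace_size(26, 3))                          # 17576
    print("hours at 1 try/s:", round(hours_to_exhaust(26, 3, 1.0), 2))  # 4.88
    print("flagged clients:", find_command_scanners(SAMPLE_LOG))      # {'10.0.0.5': 25}
```

The arithmetic confirms the post's "only 5 hours" at one try per second, and the detector shows why logging rejected commands matters: with a log, a client that walks the command space stands out within its first minute, while the single typo from the second client stays below the threshold. The window and threshold are tunable; a real deployment would feed the flagged clients into whatever blocking or alerting the site already uses.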