Xref: utzoo comp.mail.sendmail:720 comp.unix.wizards:15820
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!pasteur!ucbvax!ucbarpa.Berkeley.EDU!haynes
From: haynes@ucbarpa.Berkeley.EDU (Jim Haynes)
Newsgroups: comp.mail.sendmail,comp.unix.wizards
Subject: Re: Another Sendmail security problem
Message-ID: <28974@ucbvax.BERKELEY.EDU>
Date: 29 Apr 89 18:28:35 GMT
References: <28952@ucbvax.BERKELEY.EDU>
Sender: usenet@ucbvax.BERKELEY.EDU
Reply-To: haynes@ucbarpa.Berkeley.EDU.UUCP (Jim Haynes)
Organization: University of California, Berkeley
Lines: 17

In article flee@shire.cs.psu.edu (Felix Lee) writes:
>
>Our Sendmail under SunOS 4.0 will apparently run "|program" recipients
>with arbitrary uids. I've been unable to duplicate this with Sendmail
>5.59 running on a Vax, but this may be a vagary of configuration.
>

Hmmm, one thing in common between your Sun and our ISI is that they
are MC68000 machines (or is your Sun a Sun4?) and hence have the opposite
byte order to VAXen. Another fact I should have mentioned is that our
ISI machine tends to be very heavily loaded much of the time. So maybe
there's something in there that is unwittingly sensitive to byte order;
or maybe it depends on some bug that is more probable when the system is
heavily loaded.

haynes@ucscc.ucsc.edu
haynes@ucscc.bitnet
...ucbvax!ucscc!haynes

"Any clod can have the facts, but having opinions is an Art."
        Charles McCabe, San Francisco Chronicle