Xref: utzoo comp.mail.sendmail:722 comp.unix.wizards:15841
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!rutgers!psuvax1!flee
From: flee@shire.cs.psu.edu (Felix Lee)
Newsgroups: comp.mail.sendmail,comp.unix.wizards
Subject: Re: Another Sendmail security problem
Message-ID:
Date: 1 May 89 04:46:43 GMT
References: <28952@ucbvax.BERKELEY.EDU> <28974@ucbvax.BERKELEY.EDU>
Sender: news@psuvax1.cs.psu.edu
Organization: Penn State University Computer Science
Lines: 14
In-reply-to: haynes@ucbarpa.Berkeley.EDU's message of 29 Apr 89 18:28:35 GMT

In article <28974@ucbvax.BERKELEY.EDU>,
   haynes@ucbarpa.Berkeley.EDU (Jim Haynes) writes:
>or maybe it depends on some bug that is more probable when the system is
>heavily loaded. Our Sun4 is hardly ever heavily loaded.

It may be that when your machine is heavily loaded sendmail queues
"|program" recipients, as our Sun does. "|program" recipients in the
queue lose the original recipient information, and thus get run by
arbitrary uids.

Tomorrow I will try to tweak sendmail on our Vax to reproduce the
problem.
--
Felix Lee	flee@shire.cs.psu.edu	*!psuvax1!shire!flee