

Smail problem



Hi all,

there may be a problem with smail on some installations. On my box, I'm
running generic smail 3.2 (self-compiled, not from a particular distribution).
The problem is that on some distributions, /var/spool/mail is mode 1777.
For a user who has no /etc/aliases entry or .forward file, and no mailbox
in the spool directory, I can now

	ln -s ~user/.rhosts /var/spool/mail/user
	echo "localhost okir" | smail user
	rlogin localhost -l user

and get the user's shell prompt. Most likely targets for this kind of
attack are newly installed users, and system accounts whose homedirs
happen to be actually writable by them (e.g. uucp).  Apparently, smail
neither checks the mailbox file's owner, nor does it complain about
symlinks.

I'm astonished that this kind of attack actually works, even though
the implications have been discussed for ages.

Please check whether your distribution is affected, and let me know.
Someone running sendmail, can you please also check whether sendmail
is vulnerable?  I will also inform the current smail maintainers.

Cheers
Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@lst.de        +-------------------- Why Not?! -----------------------

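An added illustration, not part of Olaf's message and not smail's or sendmail's own code: the two checks the post says smail skips (mailbox owner, symlink), written as a small C delivery helper plus an audit routine an admin could run over a 1777 spool to see what would be refused. The function and type names (`open_mailbox_safely`, `audit_spool`, `enum mbox_status`) are made up for this example; the approach is lstat/O_NOFOLLOW/O_EXCL plus an fstat re-check on the opened descriptor, and the audit treats the spool file name as the recipient's login name.

```c
/* Added example (not smail's code): open a recipient's mailbox in a
 * world-writable spool without following a planted symlink or writing
 * into someone else's file, and audit an existing spool for such entries. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum mbox_status {
    MBOX_OK = 0,
    MBOX_ERR_IO,        /* open()/stat() failed for an unrelated reason */
    MBOX_ERR_SYMLINK,   /* spool entry is a symbolic link */
    MBOX_ERR_NOTREG,    /* spool entry is not a regular file */
    MBOX_ERR_OWNER,     /* owned by someone other than the recipient */
    MBOX_ERR_LINKS,     /* hard-link count is not 1 */
    MBOX_ERR_RACE       /* entry changed between lstat() and open() */
};

/* Open `path` for appending mail to `owner`.  Returns a descriptor >= 0,
 * or the negated enum mbox_status explaining why delivery was refused. */
int open_mailbox_safely(const char *path, uid_t owner, gid_t group)
{
    struct stat pre, post;
    int fd;

    /* Create-if-absent first.  O_EXCL makes open() fail with EEXIST for any
     * existing entry, a dangling symlink included, so creation never
     * follows a link out of the spool. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0) {
        if (fchown(fd, owner, group) != 0) { close(fd); return -MBOX_ERR_IO; }
        return fd;
    }
    if (errno != EEXIST)
        return -MBOX_ERR_IO;

    /* Something is already there: inspect it without following links. */
    if (lstat(path, &pre) != 0)   return -MBOX_ERR_IO;
    if (S_ISLNK(pre.st_mode))     return -MBOX_ERR_SYMLINK;
    if (!S_ISREG(pre.st_mode))    return -MBOX_ERR_NOTREG;
    if (pre.st_uid != owner)      return -MBOX_ERR_OWNER;
    if (pre.st_nlink != 1)        return -MBOX_ERR_LINKS;

    /* O_NOFOLLOW refuses a link swapped in after the lstat(). */
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0)
        return errno == ELOOP ? -MBOX_ERR_SYMLINK : -MBOX_ERR_IO;

    /* Re-verify on the open descriptor: same inode, still a regular file,
     * still the recipient's, still a single link. */
    if (fstat(fd, &post) != 0 || post.st_dev != pre.st_dev ||
        post.st_ino != pre.st_ino || !S_ISREG(post.st_mode) ||
        post.st_uid != owner || post.st_nlink != 1) {
        close(fd);
        return -MBOX_ERR_RACE;
    }
    return fd;
}

/* Walk a spool directory and print every entry the safe open would refuse.
 * Returns the number of findings, or -1 if the directory is unreadable. */
int audit_spool(const char *spool)
{
    DIR *d = opendir(spool);
    struct dirent *e;
    int findings = 0;

    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char p[PATH_MAX];
        struct stat st;
        struct passwd *pw;

        if (e->d_name[0] == '.') continue;
        snprintf(p, sizeof p, "%s/%s", spool, e->d_name);
        if (lstat(p, &st) != 0) continue;
        if (S_ISLNK(st.st_mode))  { printf("SYMLINK %s\n", p); findings++; continue; }
        if (!S_ISREG(st.st_mode)) { printf("NOTREG  %s\n", p); findings++; continue; }
        if (st.st_nlink != 1)     { printf("LINKS   %s\n", p); findings++; }
        /* The file name is the recipient's login; its owner must match. */
        pw = getpwnam(e->d_name);
        if (pw != NULL && pw->pw_uid != st.st_uid) {
            printf("OWNER   %s (uid %u, expected %u)\n", p,
                   (unsigned)st.st_uid, (unsigned)pw->pw_uid);
            findings++;
        }
    }
    closedir(d);
    return findings;
}

/* Stand-alone use: ./spoolcheck [/var/spool/mail] */
int main(int argc, char **argv)
{
    const char *spool = argc > 1 ? argv[1] : "/var/spool/mail";
    int n = audit_spool(spool);
    if (n < 0) { perror(spool); return 2; }
    printf("%d suspicious entries in %s\n", n, spool);
    return n > 0;
}
```

The order of checks matters: creating with O_CREAT|O_EXCL|O_NOFOLLOW first means a link planted before the first delivery is never followed, and the fstat comparison afterwards catches an entry replaced between the lstat and the open, which a plain lstat-then-open sequence would miss.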

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .