The debian-private mailing list leak, part 1.


Re: Smail problem



> there may be a problem with smail on some installations. On my box, I'm
> running generic smail 3.2 (self-compiled, not from a particular distribution).
> The problem is that on some distributions, /var/spool/mail is mode 1777.
> For a user who has no /etc/aliases entry or .forward file, and no mailbox
> in the spool directory, I can now
> 
> 	ln -s ~user/.rhosts /var/spool/mail/user
> 	echo "localhost okir" | smail user
> 	rlogin localhost -l user
> 
> and get the user's shell prompt. Most likely targets for this kind of
> attack are newly installed users, and system accounts whose homedirs
> happen to be actually writable by them (e.g. uucp).  Apparently, smail
> neither checks the mailbox file's owner, nor does it complain about
> symlinks.
> 
> I'm astonished that this kind of attack actually works, even though
> the implications have been discussed for ages.
> 
> Please check whether your distribution is affected, and let me know.
> Someone running sendmail, can you please also check whether sendmail
> is vulnerable?  I will also inform the current smail maintainers.

sendmail never delivers email to the local mail spool. SuSE-Linux uses
procmail to deliver the email to /var/spool/mail/<user>.

SuSE also has an smail package, but that is not really supported by SuSE.

procmail is very picky about security things, though I think that programs
like "adduser" should also include a "touch /var/spool/mail/<user>".
Then nothing bad can happen.

As the mail-spool-file should also never be removed, but just truncated,
this problem can only occur until the first email is delivered.

Greetings,

Florian La Roche


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
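As an added example (not code from this thread, from smail or from SuSE), the following POSIX shell script does the check the original poster asks distributions to make, and implements the mitigation suggested in the reply. It audits a System V style spool (one file per user, named after the user) for the three conditions the quoted attack relies on: a world-writable spool directory, spool entries that are symlinks or not owned by the user they are named after, and accounts that have no mailbox yet. It then pre-creates an empty mailbox the way an adduser hook would, refusing to touch a path that already exists. The spool directory and passwd file are parameters, so it runs against a scratch tree; the tree built by make_scratch_spool (the names okir, uucp, newuser, the uids and the paths) is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread.  Assumes POSIX sh, awk, ls -n, mktemp.
# audit_spool SPOOLDIR PASSWDFILE: one finding per line on stdout,
# returns 0 when the spool is clean and 1 otherwise.
audit_spool() {
    dir=$1 passwd=$2 findings=0
    # 1. Mode 1777 is the precondition: any local user may create
    #    SPOOLDIR/<victim> before the victim's first mail is delivered.
    #    Character 9 of "ls -ld" is the other-write bit.
    case $(ls -ld "$dir") in
        ????????w*) echo "WORLD-WRITABLE: $dir"; findings=$((findings + 1)) ;;
    esac
    # 2. Every entry must be a regular file owned by the user it is named
    #    after; this is the check the quoted post says smail does not make.
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue    # unmatched glob: empty dir
        name=${f##*/}
        if [ -L "$f" ]; then
            echo "SYMLINK: $f -> $(ls -l "$f" | sed 's/.* -> //')"
            findings=$((findings + 1)); continue
        fi
        if [ ! -f "$f" ]; then
            echo "NOT-A-FILE: $f"; findings=$((findings + 1)); continue
        fi
        want=$(awk -F: -v u="$name" '$1 == u { print $3; exit }' "$passwd")
        have=$(ls -ldn "$f" | awk '{ print $3 }')   # numeric owner uid
        if [ -z "$want" ]; then
            echo "NO-SUCH-USER: $f (no passwd entry named $name)"
            findings=$((findings + 1))
        elif [ "$want" != "$have" ]; then
            echo "WRONG-OWNER: $f owned by uid $have, passwd says $want"
            findings=$((findings + 1))
        fi
    done
    # 3. Accounts with no mailbox are the claimable names.  A dangling
    #    symlink counts as present here; step 2 already reported it.
    for name in $(awk -F: '{ print $1 }' "$passwd"); do
        if [ ! -e "$dir/$name" ] && [ ! -L "$dir/$name" ]; then
            echo "NO-MAILBOX: $name"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# create_mailbox SPOOLDIR PASSWDFILE NAME: the "touch at adduser time" fix.
# Refuses if anything already sits at the path (it could be the attacker's
# symlink); creates the file mode 0600 under noclobber so a path appearing
# in between makes the redirection fail; chown needs root and is skipped,
# with a note, when run unprivileged.  Run this before the account is usable.
create_mailbox() {
    dir=$1 passwd=$2 name=$3
    if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
        echo "refusing to touch existing $dir/$name" >&2; return 1
    fi
    uid=$(awk -F: -v u="$name" '$1 == u { print $3; exit }' "$passwd")
    [ -n "$uid" ] || { echo "no passwd entry for $name" >&2; return 1; }
    (umask 077 && set -C && : > "$dir/$name") || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$uid" "$dir/$name"
    else
        echo "note: not root, $dir/$name left owned by uid $(id -u)" >&2
    fi
}

# make_scratch_spool: constructed sample data reproducing the quoted
# scenario in a temporary directory; prints the directory.  okir and
# newuser get our own uid so an unprivileged run can own their mailboxes;
# "mail" deliberately gets a different uid to trigger WRONG-OWNER.
make_scratch_spool() {
    top=$(mktemp -d) || return 1
    me=$(id -u)
    mkdir -p "$top/spool" "$top/home/uucp"
    chmod 1777 "$top/spool"                       # the vulnerable setting
    printf '%s\n' "root:x:0:0::/root:/bin/sh" \
        "okir:x:$me:$me::$top/home/okir:/bin/sh" \
        "mail:x:$((me + 1)):$((me + 1))::$top/home/mail:/bin/sh" \
        "uucp:x:10:14::$top/home/uucp:/bin/sh" \
        "newuser:x:$me:$me::$top/home/newuser:/bin/sh" > "$top/passwd"
    : > "$top/spool/okir"                         # legitimate mailbox
    : > "$top/spool/mail"                         # owned by us, not by "mail"
    : > "$top/home/uucp/.rhosts"
    ln -s "$top/home/uucp/.rhosts" "$top/spool/uucp"   # the quoted attack
    echo "$top"
}

# Stand-alone run: audit the scratch tree, apply the fix, audit again.
scratch=$(make_scratch_spool)
echo "== before =="; audit_spool "$scratch/spool" "$scratch/passwd" || :
create_mailbox "$scratch/spool" "$scratch/passwd" uucp || :   # refused
create_mailbox "$scratch/spool" "$scratch/passwd" newuser
echo "== after ==";  audit_spool "$scratch/spool" "$scratch/passwd" || :
rm -rf "$scratch"
```

On a real system run it as `audit_spool /var/spool/mail /etc/passwd`; a clean result requires a non-world-writable spool (for example 1775 with group mail and a setgid delivery agent), no symlinks, and every existing mailbox owned by its user. The NO-MAILBOX lines are only dangerous together with WORLD-WRITABLE, which is exactly why the reply proposes creating the mailbox at account-creation time.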