From owner-freebsd-bugs  Mon Jan  3 11:20:41 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7])
	by hub.freebsd.org (Postfix) with ESMTP id 07576150FB
	for <freebsd-bugs@freebsd.org>; Mon,  3 Jan 2000 11:20:37 -0800 (PST)
	(envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1])
	by overcee.netplex.com.au (Postfix) with ESMTP
	id 165A91CA0; Tue,  4 Jan 2000 03:20:29 +0800 (WST)
	(envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: Ole Pahl <op@pahl.net>
Cc: Przemyslaw Frasunek <venglin@FreeBSD.lublin.pl>,
	freebsd-bugs@freebsd.org
Subject: Re: Bug in recent versions of Vixie cron 
In-Reply-To: Message from Ole Pahl <op@pahl.net> 
   of "Sun, 02 Jan 2000 23:13:55 +0100." <Pine.LNX.4.05.10001022307200.12566-100000@muschel.global-phun.net> 
Date: Tue, 04 Jan 2000 03:20:29 +0800
From: Peter Wemm <peter@netplex.com.au>
Message-Id: <20000103192029.165A91CA0@overcee.netplex.com.au>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ole Pahl wrote:
> On Sun, 2 Jan 2000, Przemyslaw Frasunek wrote:
> 
> > > This problem seems to be present in current versions of Vixie cron, e.g.
> > > those used in operating systems like FreeBSD 3.4-RC as well as certain
> > > Linux distributions such as SuSE Linux 6.2.
> 
> > FreeBSD is and was NOT vulnerable to this problem.
> 
> The person who tried to reproduce this problem on his FreeBSD machine just
> confirmed that he could not pass arbitrary commands to Sendmail using the
> MAILTO environment variable. However, Sendmail is still executed as root -
> that condition can't be exploited due to proper argument checking, though.

Have you actually *looked* at our version of the code?  There is no
"argument checking" as there are no user-supplied arguments being passed to
sendmail. (Hint: take a look at these two:
 http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/do_command.c
 http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/config.h
and the changes in April 1995)

> For further replies, please make sure to remove BugTraq from the CC list in
> order to keep Aleph1 from being bothered - I think any further discussion
> on this issue is not relevant for BugTraq.

It would be nice if people would actually *test* their claims before hitting
'send' on their mail and crying wolf yet again.

Cheers,
-Peter



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message