Date: Tue, 04 Jan 2000 03:20:29 +0800 From: Peter Wemm <peter@netplex.com.au> To: Ole Pahl <op@pahl.net> Cc: Przemyslaw Frasunek <venglin@FreeBSD.lublin.pl>, freebsd-bugs@freebsd.org Subject: Re: Bug in recent versions of Vixie cron Message-ID: <20000103192029.165A91CA0@overcee.netplex.com.au> In-Reply-To: Message from Ole Pahl <op@pahl.net> of "Sun, 02 Jan 2000 23:13:55 %2B0100." <Pine.LNX.4.05.10001022307200.12566-100000@muschel.global-phun.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Ole Pahl wrote: > On Sun, 2 Jan 2000, Przemyslaw Frasunek wrote: > > > > This problem seems to be present in current versions of Vixie cron, e.g. > > > those used in operating systems like FreeBSD 3.4-RC as well as certain > > > Linux distributions such as SuSE Linux 6.2. > > > FreeBSD is and was NOT vulnerable to this problem. > > The person who tried to reproduce this problem on his FreeBSD machine just > confirmed that he could not pass arbitrary commands to Sendmail using the > MAILTO environment variable. However, Sendmail is still executed as root - > that condition can't be exploited due to proper argument checking, though. Have you actually *looked* at our version of the code? There is no "argument checking" as there are no user-supplied arguments being passed to sendmail. (Hint: take a look at these two: http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/do_command.c http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/config.h and the changes in April 1995) > For further replies, please make sure to remove BugTraq from the CC list in > order to keep Aleph1 from being bothered - I think any further discussion > on this issue is not relevant for BugTraq. It would be nice if people would actually *test* their claims before hitting 'send' on their mail and crying wolf yet again. Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000103192029.165A91CA0>