From owner-freebsd-security  Tue Feb  5  2:53:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from memphis.mephi.ru (memphis.mephi.ru [194.67.67.234])
	by hub.freebsd.org (Postfix) with ESMTP id ACEBE37B420
	for <freebsd-security@FreeBSD.ORG>; Tue,  5 Feb 2002 02:53:06 -0800 (PST)
Received: (from timon@localhost)
	by memphis.mephi.ru (8.11.6/8.11.3) id g15AqtM86807;
	Tue, 5 Feb 2002 13:52:55 +0300 (MSK)
	(envelope-from timon)
Date: Tue, 5 Feb 2002 13:52:55 +0300 (MSK)
From: "Artem 'Zazoobr' Ignatjev" <timon@memphis.mephi.ru>
Message-Id: <200202051052.g15AqtM86807@memphis.mephi.ru>
To: freebsd-security@FreeBSD.ORG, kuku@gilberto.physik.RWTH-Aachen.DE
Subject: Re: .forward+ group writable directory
In-Reply-To: <200202050920.g159KrP55937@gilberto.physik.RWTH-Aachen.DE>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
> To: freebsd-security@FreeBSD.ORG
> Subject: .forward+ group writable directory
>
> Since two days my procmail filter isn't working anymore and I
> see these logs in my maillog.
>
> It's FreeBSD 4.4 with ESMTP Sendmail 8.11.6/8.11.6 (the stock
> that comes withthe distribution). Is it likely that I have been
> hacked? I see otherwise no signs thereof.
>
>
> Feb  5 00:00:04 host sendmail[52966]: g14N03M52963: forward /home/user/.forward.host+: Group writable directory
> Feb  5 00:00:04 host sendmail[52966]: g14N03M52963: forward /home/user/.forward+: Group writable directory
> Feb  5 00:00:04 host sendmail[52966]: g14N03M52963: forward /home/user/.forward.host: Group writable directory
> Feb  5 00:00:04 host sendmail[52966]: g14N03M52963: forward /home/user/.forward: Group writable directory

Sendmail treats group/world writable files/dirs (aliases, mail queue, etc) as insecure.
You should either `chmod g-w /home/user' or read sendmail documentation (especially for security issues and "DontBlameSendmail" option).

			Sinceherely yours, Artem 'Zazoobr' Ignatjev.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message