From owner-freebsd-hackers Mon Nov 18 12:52:35 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA10824 for hackers-outgoing; Mon, 18 Nov 1996 12:52:35 -0800 (PST)
Received: from isbalham (isbalham.ist.co.uk [192.31.26.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA10819 for ; Mon, 18 Nov 1996 12:52:32 -0800 (PST)
Received: from gid.co.uk (uucp@localhost) by isbalham (8.6.12/8.6.12) with UUCP id UAA24026; Mon, 18 Nov 1996 20:49:33 GMT
Received: from [194.32.164.2] by seagoon.gid.co.uk; Mon, 18 Nov 1996 20:42:47 GMT
X-Sender: rb@194.32.164.1
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 18 Nov 1996 20:42:27 +0000
To: Marc Slemko , Robert Shady
From: rb@gid.co.uk (Bob Bishop)
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: roberto@keltia.freenix.fr, freebsd-hackers@FreeBSD.org
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

At 8:34 am 18/11/96, Marc Slemko wrote:
>[moved to -hackers from security. It started with a discussion of
>sendmail with uucp; I stated that sendmail still tries to use DNS no
>matter how you configure it and you have to recompile it to make it stop.]
>
>On Mon, 18 Nov 1996, Robert Shady wrote:
>
>> > Incorrect. It RUNS without DNS but still TRIES to use it. If you really
>> > don't have IP connectivity, then difference doesn't matter because it
>> > still works when the lookup fails, however it still does try and the
>> > difference does matter if you have partial IP connectivity. I have a
>> > system setup with nocanonify and all the other config file tweaks I know
>> > of, and it still tries to use DNS as a tcpdump shows quite clearly. This
>> > system is running 8.7.5, so things may have been changed in more recent
>> > versions but I can't say for sure; if this has changed in more recent
>> > versions, please let me know.
>> >
>> > I _think_ the define that needs to be set to 0 is NAMED_BIND, but don't
>> > recall for sure. This has been gone over before on the lists.
>>
>> Out of curiosity, what interface exactly are you looking at if you aren't
>> running tcp/ip?
>
>I am running TCP/IP, however only sometimes; ie. a dial on demand
>connection. If it isn't recompiled, no matter how you configure it,
>sendmail will try a DNS lookup for each bit of mail it receives, causing
>the dial on demand link to come up. I am looking at the ppp (tun0)
>interface. If you don't have IP running, or you don't have a route to a
>nameserver, or you don't have a nameserver, you won't notice the lookup
>but it still tries and, in this case, fails immediately.

Run a caching-only nameserver locally?

--
Bob Bishop              (0118) 977 4017  international code +44 118
rb@gid.co.uk        fax (0118) 989 4254  between 0800 and 1800 UK