From: Benedikt Stockebrand
Date: 28 Feb 1998 14:52:07 +0100
To: Philippe Regnauld
Cc: Nicolas Pondemer, freebsd-security@FreeBSD.ORG
Subject: Re: Thanks, but...
Message-ID: <8790qvrg54.fsf@devnull.ruhr.de>
In-Reply-To: Philippe Regnauld's message of "Thu, 26 Feb 1998 14:09:34 +0100"
References: <34F5623C.3E6@isty-info.uvsq.fr> <19980226140934.31437@deepo.prosa.dk>

Philippe Regnauld writes:

> I don't see how user B can force user A to have a Bcc:
> automatically added to his headers.

If B managed to add something like

    alias mail="/usr/bin/mail -bB@localhost"

or whatever your preferred shell uses as syntax to ~A/.profile this
could be done. Yes, it depends on your shell and your preferred MUA
and requires some sort of security hole (like A not logging out before
taking a break).

Another option would be to add a trojanized MUA binary in ~A/bin or
such.

IOW, if you suspect some other user of this, check ~/.* for such
beasts (as well as unsolicited ~/.rhosts entries).

    Ben

-- 
Ben(edikt)? Stockebrand --- Un*x system administrator looking for a job
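The check suggested at the end of the message above, as an added example that is not part of the original post: a POSIX shell function that reviews one home directory for mail aliases carrying a -b (Bcc) option in ~/.* files, live ~/.rhosts entries, and files in ~/bin that share a name with a system command. The names audit_home and make_sample_home, the optional system-directory argument and the report format are assumptions, and the sample home directory is constructed.

```shell
#!/bin/sh
# Added example, not from the original message. Function names, arguments and
# the report format are assumptions made for this illustration.

# audit_home DIR [SYS_DIRS] -> one finding per line on stdout
audit_home() {
    home=$1
    sys=${2:-/bin:/usr/bin}
    for f in "$home"/.[!.]*; do                  # the ~/.* files
        [ -f "$f" ] || continue
        if [ "${f##*/}" = .rhosts ]; then
            # every non-blank, non-comment line is a trust entry to review
            grep -n -v -E '^[[:space:]]*(#|$)' "$f" /dev/null | sed 's/^/RHOSTS:/'
        else
            # heuristic: alias line that involves mail and passes -b (Bcc);
            # matches sh-style (name=value) and csh-style (name value) syntax,
            # but not shell functions or wrappers sourced from other files
            grep -n -E '^[[:space:]]*alias[[:space:]].*[Mm]ail.*[[:space:]]-b' \
                "$f" /dev/null | sed 's/^/MAIL_ALIAS:/'
        fi
    done
    # files in ~/bin named like a system command (they win if ~/bin is
    # ahead of the system directories in PATH); mode bits are not checked
    for b in "$home"/bin/*; do
        [ -f "$b" ] || continue
        for d in $(printf '%s' "$sys" | tr ':' ' '); do
            if [ -e "$d/${b##*/}" ]; then echo "SHADOW:$b:$d/${b##*/}"; fi
        done
    done
    return 0
}

# Constructed sample data: a throwaway home with one finding of each kind.
make_sample_home() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin" "$t/sys"
    printf '%s\n' 'PATH=$HOME/bin:$PATH' \
        'alias mail="/usr/bin/mail -bB@localhost"' > "$t/.profile"
    printf '%s\n' 'alias ll="ls -l"' > "$t/.kshrc"
    printf '%s\n' '# comment' 'otherhost B' > "$t/.rhosts"
    : > "$t/bin/mail"
    : > "$t/sys/mail"      # stands in for /usr/bin/mail
    echo "$t"
}

h=$(make_sample_home) && audit_home "$h" "$h/sys"
rm -rf "$h"
```

A clean report does not rule out the trojanized-binary case when the file in ~/bin uses a name no system directory has; compare ~/bin against what the user expects to be there.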