Message-ID: <19980228160645.62766@deepo.prosa.dk>
Date: Sat, 28 Feb 1998 16:06:45 +0100
From: Philippe Regnauld
To: Benedikt Stockebrand
Cc: Nicolas Pondemer, freebsd-security@FreeBSD.ORG
Subject: Re: Thanks, but...
References: <34F5623C.3E6@isty-info.uvsq.fr> <19980226140934.31437@deepo.prosa.dk> <8790qvrg54.fsf@devnull.ruhr.de>
In-Reply-To: <8790qvrg54.fsf@devnull.ruhr.de>; from Benedikt Stockebrand on Sat, Feb 28, 1998 at 02:52:07PM +0100
X-Operating-System: FreeBSD 2.2.5-RELEASE i386
Organization: PROSA

Benedikt Stockebrand writes:
>
> alias mail="/usr/bin/mail -bB@localhost"
>
> or whatever your preferred shell uses as syntax to ~A/.profile this
> could be done.

	This is out of the scope of an external attack on an
	environment assumed to be minimally secure.

> Yes, it depends on your shell and your preferred MUA and requires some
> sort of security hole (like A not logging out before taking a break).
> Another option would be to add a trojanized MUA binary in ~A/bin or
> such.

	And once again, this implies a compromised environment: either
	the sysadmin is evil/corrupt, or someone broke root on the box.
	In that scenario, the methods are infinite.

	What'd be more interesting is to mangle the headers or confuse
	sendmail/some MTA from the *outside* into adding Bcc: headers.
	Now that's art :-)

--
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

«Pluto placed his bad dog at the entrance of Hades to keep the dead IN and
the living OUT! The archetypical corporate firewall?»
 - S. Kelly Bootle, ("MYTHOLOGY", in Marutukku distrib)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
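
A defender-side check for the two local tricks mentioned in the thread (an alias planted in ~A/.profile and a replacement MUA in ~A/bin), as an added example that is not part of the original message. The MUA names, the rc-file list and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit one account's home directory for MUA tampering.
# MUAS and RCFILES are assumed lists; extend them for the site's mail
# clients and shells.
MUAS="mail Mail mailx mutt pine elm"
RCFILES=".profile .bashrc .bash_profile .kshrc .zshrc .cshrc .login"

# Print "file:line:text" for every rc-file line that aliases a known MUA
# name. Matches sh-style "alias mail=..." and csh-style "alias mail ...".
find_mua_aliases() {
    home=$1
    for rc in $RCFILES; do
        [ -f "$home/$rc" ] || continue
        for mua in $MUAS; do
            grep -n -E "^[[:space:]]*alias[[:space:]]+$mua([=[:space:]])" \
                "$home/$rc" | sed "s|^|$rc:|"
        done
    done
    return 0
}

# Print MUA names present as executables in the user's private bin
# directory, where they shadow the system binary if ~/bin is early in PATH.
find_shadow_muas() {
    home=$1
    for mua in $MUAS; do
        if [ -f "$home/bin/$mua" ] && [ -x "$home/bin/$mua" ]; then
            echo "bin/$mua"
        fi
    done
    return 0
}

# Usage: sh audit.sh /home/A
if [ $# -eq 1 ]; then
    find_mua_aliases "$1"
    find_shadow_muas "$1"
fi
```

Any hit is only a lead for review: users alias their mail client for legitimate reasons, so compare the alias text or the binary against what the account owner expects.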