From owner-freebsd-security  Sat Feb 10 08:07:10 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA28718
          for security-outgoing; Sat, 10 Feb 1996 08:07:10 -0800 (PST)
Received: from bbs.mpcs.com (root@bbs.mpcs.com [204.215.226.2])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id IAA28711
          for <freebsd-security@FreeBSD.org>; Sat, 10 Feb 1996 08:07:04 -0800 (PST)
Received: from penny.n2wx.ampr.org (root@penny.n2wx.mpcs.com [204.215.226.90]) by bbs.mpcs.com (8.7.3/8.7.3/MPCS) with ESMTP id LAA22182 for <freebsd-security@FreeBSD.org>; Sat, 10 Feb 1996 11:07:02 -0500
Received: (from root@localhost) by penny.n2wx.ampr.org (8.7.3/8.6.12/n2wx) id LAA00868 for freebsd-security@FreeBSD.org; Sat, 10 Feb 1996 11:06:59 -0500
Received: (from hg@localhost) by penny.n2wx.ampr.org (8.7.3/8.7.3/n2wx) id LAA00862; Sat, 10 Feb 1996 11:06:44 -0500
Date: Sat, 10 Feb 1996 11:06:43 -0500 (EST)
From: Howard Goldstein <hg@penny.n2wx.ampr.org>
cc: FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org>
Subject: Re: User creating root-owned directories? 
In-Reply-To: <199602100808.AAA02008@precipice.shockwave.com>
Message-ID: <Pine.LNX.3.91.960210110352.492B-100000@n2wx.ampr.org>
Organization: disorganization
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
Precedence: bulk

On Sat, 10 Feb 1996, Paul Traina wrote:

> In any case, I'd upgrade to sendmail 8.7.x (x=current) and freebsd 2.1
> -stable just to be sure you've got all the security patches.  8.6.12 does
> have bugs in it which could allow a user to gain root.

I'd also suggest use of the 'smrsh' restricted shell on sendmail-invoked
processes to help keep security on sendmail up to snuff as future holes
are discovered (see smrsh subdir in the sendmail distrib). 

-- 
Howard Goldstein        <hg@n2wx.ampr.org>         http://www.tapr.org/~n2wx/
mail/newsadmin @mpcs.com