Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 6 Dec 1998 09:28:55 -0600 (CST)
From:      mike grommet <mgrommet@ns.insolwwb.net>
To:        Timothy J Luoma <public+FreeBSD@fdt.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Advice on sendmail / execution of programs through .forward
Message-ID:  <Pine.BSI.4.05L.9812060925330.12934-100000@ns.insolwwb.net>
In-Reply-To: <199812052049.PAA08277@ocalhost>

next in thread | previous in thread | raw e-mail | index | archive | help


On Sat, 5 Dec 1998, Timothy J Luoma wrote:

> 	Author:	mike grommet <mgrommet@insolwwb.net>
> 	Date:	Fri, 4 Dec 1998 14:06:35 -0600
> 	ID:	<A199D70FC96DD211AD1000609767926103598F@ISIMAIL>
> 
> I think removing the execute bit for regular users is the real answer.
> 
> 
> > I mean, it seems quite possible for a user to upload some sort
> > of exploit and an appropriate  .forward via ftp, send mail to
> > himself and WHAM. Life gets real bad.
> 
> Why let them FTP anything?
> 
> TjL

This machine allows the keeping of personal user pages, but no cgi
access, so they do need to be able to upload files to the machine...

I just cant believe that theres not some way to make it so sendmail
cant all but certain files, or somesuch...

and I cant disallow forwards either because this machine hosts various web
pages / domains for folks who need their incoming mail forwarded to other
ISP's for their own pick up.


Grrr... I'm stuck.



> 
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.4.05L.9812060925330.12934-100000>