Date: Sun, 6 Dec 1998 09:28:55 -0600 (CST)
From: mike grommet
To: Timothy J Luoma
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Advice on sendmail / execution of programs through .forward
In-Reply-To: <199812052049.PAA08277@ocalhost>

On Sat, 5 Dec 1998, Timothy J Luoma wrote:

> Author: mike grommet
> Date: Fri, 4 Dec 1998 14:06:35 -0600
> ID:
>
> > I think removing the execute bit for regular users is the real answer.
> >
> > I mean, it seems quite possible for a user to upload some sort
> > of exploit and an appropriate .forward via ftp, send mail to
> > himself and WHAM. Life gets real bad.
>
> Why let them FTP anything?
>
> TjL

This machine allows the keeping of personal user pages, but no cgi access,
so they do need to be able to upload files to the machine...

I just can't believe that there's not some way to make it so sendmail
can't all but certain files, or somesuch... and I can't disallow forwards
either because this machine hosts various web pages / domains for folks
who need their incoming mail forwarded to other ISPs for their own
pick up.

Grrr... I'm stuck.
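The constraint in this message is that plain address forwards must keep working while .forward entries that run programs are the worry. As an added example (not part of the original message), this sketch classifies .forward entries so pipe-to-program, file and include targets can be reviewed separately from ordinary forwards; the function names, the home-directory layout and the sample contents are assumptions constructed for illustration.

```python
"""Audit .forward contents: flag entries that run programs or write files."""
from pathlib import Path

def split_entries(text):
    """Split .forward text into entries: comma-separated per line, quotes honoured."""
    entries = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):   # assumption: treat as a comment line
            continue
        buf, quoted = [], False
        for ch in line:
            if ch == '"':
                quoted = not quoted         # drop the quote, keep its contents whole
            elif ch == "," and not quoted:
                entries.append("".join(buf).strip())
                buf = []
            else:
                buf.append(ch)
        entries.append("".join(buf).strip())  # flush the last entry on the line
    return [e for e in entries if e]

def classify(entry):
    """Return 'program', 'file', 'include' or 'address' for one entry."""
    if entry.startswith("|"):
        return "program"                    # mail is piped to a command
    if entry.startswith("/"):
        return "file"                       # mail is appended to a file
    if entry.lower().startswith(":include:"):
        return "include"                    # recipients are read from another file
    return "address"                        # user, \user or user@host

def risky_entries(text):
    """Entries that do anything other than forward to an address."""
    return [(classify(e), e) for e in split_entries(text) if classify(e) != "address"]

def audit_homes(root):
    """Map each root/<user>/.forward to its risky entries; clean files are omitted."""
    report = {}
    for fwd in sorted(Path(root).glob("*/.forward")):
        found = risky_entries(fwd.read_text(errors="replace"))
        if found:
            report[str(fwd)] = found
    return report

# Constructed sample: an ordinary forward, a pipe plus a local copy, a file target.
SAMPLE = 'customer@other-isp.example\n"|/home/joe/bin/filter -q", \\joe\n/home/joe/mail.archive\n'

if __name__ == "__main__":
    for kind, entry in risky_entries(SAMPLE):
        print(f"{kind:8} {entry}")
```

Pipe entries that have to stay can be confined with sendmail's restricted shell, smrsh, which only runs programs from an administrator-controlled directory.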