From owner-freebsd-security Sat Apr 13 17:11:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from koibito.iisc.com (koibito.iisc.com [198.5.5.5]) by hub.freebsd.org (Postfix) with ESMTP id F11D037B404 for ; Sat, 13 Apr 2002 17:11:11 -0700 (PDT) Received: from koibito.iisc.com ([127.0.0.1]) by koibito.iisc.com (8.9.0/8.9.0) with ESMTP id UAA26695; Sat, 13 Apr 2002 20:11:00 -0400 (EDT) Message-Id: <200204140011.UAA26695@koibito.iisc.com> To: freebsd-security@freebsd.org, brett@lariat.org Subject: Affect of BSD mail/mailx bug in Solaris (was: Re: Corrected... In-Reply-To: Your message of "Sat, 13 Apr 2002 17:07:39 MDT." <4.3.2.7.2.20020413170619.00b18ef0@nospam.lariat.org> Date: Sat, 13 Apr 2002 20:11:00 -0400 From: "Charles M. Richmond" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > >amaterasu% echo "~\!cat /var/mail/root" | mailx cmr > >cat: cannot open /var/mail/root > >! > >No message !?! > > > > > >Does this mitigate the problem sufficiently? > Not if the process invoking mail really is running as root, > as a periodic maintenance script would. Remember /usr/bin/mail is fine. Only the BSD compatible mailx has the problem and I am pretty sure that no Sun scripts use mailx or its link, /usr/ucb/mail. So not only would the script have to be running as root, it would have to allow non-root users to input arguments, it would have to use a deprecated version of mail and the default root shell would have had to have been changed from 'sh' to 'csh'. Not to say that Sun shouldn't fix this. Clearly they should. I am just saying that there doesn't seem to be a means of failure without the admin coniving in his/her own destruction. Charlie PS The mail & mailx on Tru64/Digital Unix seems ok. PPS: /usr/lib/acct/ckpacct and /usr/lib/acct/runacct both use mailx but have fixed args and force the shell to sh. Ain't grep wonderful *g* *********************************************************************** * Charles Richmond Integrated International Systems Corporation * * cmr@iisc.com cmr@acm.org cmr@shore.net http://www.iisc.com * * UNIX Internals, I18N, L10N, X, Realtime Imaging, and Custom S/W * * 131 Bishop's Forest Drive , Waltham , Ma. USA 02452 * * (781) 647 2269 FAX (781) 647 3665 Cellular (781) 389 9777 * *********************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message