Date: Sun, 6 Dec 1998 10:48:47 -0500
From: "Norman C. Rice" <nrice@emu.sourcee.com>
To: mike grommet <mgrommet@ns.insolwwb.net>, Timothy J Luoma <public+FreeBSD@fdt.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Advice on sendmail / execution of programs through .forward
Message-ID: <19981206104847.A15176@emu.sourcee.com>
In-Reply-To: <Pine.BSI.4.05L.9812060925330.12934-100000@ns.insolwwb.net>; from mike grommet on Sun, Dec 06, 1998 at 09:28:55AM -0600
References: <199812052049.PAA08277@ocalhost> <Pine.BSI.4.05L.9812060925330.12934-100000@ns.insolwwb.net>

On Sun, Dec 06, 1998 at 09:28:55AM -0600, mike grommet wrote:
>
>
> On Sat, 5 Dec 1998, Timothy J Luoma wrote:
>
> > Author: mike grommet <mgrommet@insolwwb.net>
> > Date: Fri, 4 Dec 1998 14:06:35 -0600
> > ID: <A199D70FC96DD211AD1000609767926103598F@ISIMAIL>
> >
> > I think removing the execute bit for regular users is the real answer.
> >
> >
> > > I mean, it seems quite possible for a user to upload some sort
> > > of exploit and an appropriate .forward via ftp, send mail to
> > > himself and WHAM. Life gets real bad.
> >
> > Why let them FTP anything?
> >
> > TjL
>
> This machine allows the keeping of personal user pages, but no cgi
> access, so they do need to be able to upload files to the machine...
>
> I just can't believe that there's not some way to make it so sendmail
> can't all but certain files, or somesuch...
>
> and I can't disallow forwards either because this machine hosts various web
> pages / domains for folks who need their incoming mail forwarded to other
> ISPs for their own pick up.

Disallow/turn off support for ~/.forward and simply add an entry to
/etc/aliases for the required mail forwarding. Be sure to run
newaliases after making the changes. This way you will be able to
ensure that no hanky-panky is being performed with the mail forwarding.

--
Regards,
Norman C. Rice, Jr.

>
>
> Grrr... I'm stuck.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
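An added example, not part of the original message: a shell helper for the migration described in the reply, which reads each user's existing ~/.forward, emits /etc/aliases lines for plain address forwards, and flags entries that would make sendmail run a program or write to a file. The function names, the one-directory-per-user layout and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn plain-address ~/.forward files into /etc/aliases lines
# and flag program, file and :include: deliveries for manual review.

# classify_entry ENTRY -> prints program, file, include or address
classify_entry() {
    e=$(printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/^"//')
    case "$e" in
        '|'*)        echo program ;;   # "|/path/to/prog": sendmail runs it
        /*)          echo file ;;      # absolute path: appended to as a file
        :include:*)  echo include ;;   # addresses read from another file
        *)           echo address ;;
    esac
}

# forwards_to_aliases HOMES_ROOT (assumes one directory per user under it)
forwards_to_aliases() {
    for home in "$1"/*/; do
        fwd="${home}.forward"
        [ -f "$fwd" ] || continue
        user=$(basename "$home")
        addrs=""
        while IFS= read -r entry; do
            entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
            case "$entry" in ''|'#'*) continue ;; esac
            if [ "$(classify_entry "$entry")" = address ]; then
                addrs="${addrs:+$addrs, }$entry"
            else
                echo "# REVIEW $user ($(classify_entry "$entry")): $entry"
            fi
        done <<EOF
$(tr ',' '\n' < "$fwd")
EOF
        if [ -n "$addrs" ]; then echo "$user: $addrs"; fi
    done
    return 0
}

make_sample_homes() {   # constructed sample data, not from the original thread
    root=$(mktemp -d)
    mkdir "$root/alice" "$root/bob" "$root/carol"
    printf 'alice@isp.example\n' > "$root/alice/.forward"
    printf 'bob@isp.example, "|/home/bob/bin/filter"\n' > "$root/bob/.forward"
    printf '/home/carol/mail.log\ncarol@other.example\n' > "$root/carol/.forward"
    echo "$root"
}

sample=$(make_sample_homes)
forwards_to_aliases "$sample"
rm -rf "$sample"
```

After reviewing the flagged lines, the remaining `user: address` lines are what would go into /etc/aliases before running newaliases.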