From owner-freebsd-security Sun Jun 9 20:00:32 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA00374 for security-outgoing; Sun, 9 Jun 1996 20:00:32 -0700 (PDT) Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id UAA00346 for ; Sun, 9 Jun 1996 20:00:27 -0700 (PDT) Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.6.12/8.6.12) id UAA15048; Sun, 9 Jun 1996 20:00:18 -0700 From: "Rodney W. Grimes" Message-Id: <199606100300.UAA15048@GndRsh.aac.dev.com> Subject: Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue? To: taob@io.org (Brian Tao) Date: Sun, 9 Jun 1996 20:00:18 -0700 (PDT) Cc: freebsd-security@freebsd.org In-Reply-To: from Brian Tao at "Jun 9, 96 08:57:56 pm" X-Mailer: ELM [version 2.4ME+ PL11 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I accidentally went a bit too far today when looking for setuid- > related attacks on our 2.2-SNAP shell servers and took the setuid bit > off /usr/sbin/sendmail. I only noticed after the schg flag was > slapped on everything. :( > > People were getting 'queuename: Cannot create "qfUAA08787" in > "/var/spool/mqueue" (euid=935):' errors for obvious reasons. Since I > didn't want to reboot the shell servers just to chmod sendmail, I > decided to chmod 1733 /var/spool/mqueue instead: > > drwx-wx-wt 2 root daemon 2560 Jun 9 20:52 /var/spool/mqueue Denial of service attack: cat /dev/zero >/var/spool/mqueue/onebigwhole bs=32b world writable directories are a bigger problem, IMHO, than a suid sendmail. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD