Date: Fri, 21 Jun 2002 19:14:35 -0500 From: Sean Kelly <smkelly@zombie.org> To: Brett Glass <brett@lariat.org> Cc: security@freebsd.org Subject: Re: Possible security liability: Filling disks with junk or spam Message-ID: <20020622001435.GA99704@edgemaster.zombie.org> In-Reply-To: <200206220001.SAA26010@lariat.org> References: <200206220001.SAA26010@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett Glass wrote: ... > A client recently called me in puzzlement, saying that his system was > misbehaving, and it turned out that this was what had happened. The address > "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd > never used or hosted netnews, and so had no need for the pseudo-user. But that > pseudo-user was there by default, and the system dutifully created a mailbox > for him/her/it when the very first spam arrived. It started growing by leaps > and bounds until it was -- I kid you not! -- several hundred megabytes in > size. At which point the partition ran out of room. > > It seems to me that pseudo-users should be non-mailable, just as a basic > security policy. Ideas for the best way to implement this in the default > install? If you look at /usr/src/etc/mail/aliases, you'll see that pseudo-users are mapped to root. I also see news in there: news: root usenet: news It seems to me that the best way to prevent such things happening would be to keep your aliases files up to date. Use mergemaster and also maintain the file for any pseudo-users you may add. At some point, the administrator has to become responsible for the system they administer. -- Sean Kelly | PGP KeyID: 77042C7B smkelly@zombie.org | http://www.zombie.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020622001435.GA99704>