From: Mark Hartley
To: twig les
Cc: security@FreeBSD.ORG
Subject: Re: Possible security liability: Filling disks with junk or spam
Date: Fri, 21 Jun 2002 18:06:34 -0700 (PDT)
In-Reply-To: <20020622003444.66667.qmail@web10104.mail.yahoo.com>

On 22-Jun-02 twig les wrote:
> Would it be viable to un-map the pseudo-users or would
> that break something?
>

If you don't want to forward their messages to root (which I think is the
best way), you could always simply edit the aliases file and put the
following lines in:

bin:    /dev/null
news:   /dev/null

(and so on for each one)

Depends on how the admin wants to handle it.

Mark.

>
> --- Sean Kelly wrote:
>> On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett Glass wrote:
>> ...
>> > A client recently called me in puzzlement, saying that his system was
>> > misbehaving, and it turned out that this was what had happened. The address
>> > "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
>> > never used or hosted netnews, and so had no need for the pseudo-user. But that
>> > pseudo-user was there by default, and the system dutifully created a mailbox
>> > for him/her/it when the very first spam arrived. It started growing by leaps
>> > and bounds until it was -- I kid you not! -- several hundred megabytes in
>> > size. At which point the partition ran out of room.
>> >
>> > It seems to me that pseudo-users should be non-mailable, just as a basic
>> > security policy. Ideas for the best way to implement this in the default
>> > install?
>>
>> If you look at /usr/src/etc/mail/aliases, you'll see that pseudo-users are
>> mapped to root. I also see news in there:
>> news: root
>>
>> usenet: news
>>
>>
>> It seems to me that the best way to prevent such things happening would be
>> to keep your aliases files up to date. Use mergemaster and also maintain
>> the file for any pseudo-users you may add. At some point, the
>> administrator has to become responsible for the system they administer.
>>
>> --
>> Sean Kelly | PGP KeyID: 77042C7B
>> smkelly@zombie.org | http://www.zombie.org
>>
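
Added example, not part of the original thread and not FreeBSD's own tooling: a shell check for the gap discussed above, listing pseudo-users in a passwd file that have no entry in the aliases file. The function names, the "UID below 1000 or nologin shell" heuristic and both sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# List pseudo-users in a passwd file ($1) with no entry in an aliases file ($2).
# Heuristic (assumption): a pseudo-user is any non-root account whose UID is
# below 1000 or whose login shell ends in "nologin".
unaliased_pseudo_users() {
    awk -F: '
        # Aliases file: remember each left-hand side, case-insensitively.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[ \t]*#/ || $0 ~ /^[ \t]/ || NF < 2) next
            name = tolower($1); gsub(/[ \t]/, "", name)
            aliased[name] = 1
            next
        }
        # passwd file: skip comments and malformed lines.
        /^#/ || NF < 7 { next }
        $1 != "root" && ($3 + 0 < 1000 || $7 ~ /nologin$/) {
            if (!(tolower($1) in aliased)) print $1
        }
    ' "$2" "$1"
}

# Constructed sample files (not taken from any real system).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
mark:*:1001:1001:Constructed user:/home/mark:/bin/sh
EOF
    cat > "$1/aliases" <<'EOF'
# constructed sample
MAILER-DAEMON: postmaster
postmaster: root
bin: /dev/null
daemon: root
news: root
usenet: news
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
unaliased_pseudo_users "$tmp/passwd" "$tmp/aliases"
rm -rf "$tmp"
```

On a real host the arguments would be /etc/passwd and /etc/mail/aliases; each name printed is a candidate for a "name: root" or "name: /dev/null" line as described in the replies above.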