From owner-freebsd-current Thu Jan 2 20:21:20 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7730437B401 for ; Thu, 2 Jan 2003 20:21:19 -0800 (PST)
Received: from zardoc.esmtp.org (adsl-63-195-85-27.dsl.snfc21.pacbell.net [63.195.85.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC7B743EC2 for ; Thu, 2 Jan 2003 20:21:18 -0800 (PST) (envelope-from ca@zardoc.esmtp.org)
Received: from zardoc.esmtp.org (localhost [127.0.0.1]) by zardoc.esmtp.org (8.12.7/8.12.7.Beta1) with ESMTP id h034LSGL028293 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 2 Jan 2003 20:21:28 -0800 (PST)
Received: (from ca@localhost) by zardoc.esmtp.org (8.12.7/8.12.0.Beta12) id h034LSfW017927 for freebsd-current@FreeBSD.ORG; Thu, 2 Jan 2003 20:21:28 -0800 (PST)
Date: Thu, 2 Jan 2003 20:21:28 -0800
From: Claus Assmann
To: freebsd-current@FreeBSD.ORG
Subject: Re: 5.0-RC2 informal PR: 90 sec sendmail delay
Message-ID: <20030102202128.A8458@zardoc.esmtp.org>
References: <3E1352BC.4043921B@mindspring.com> <20030101145232.A391@zardoc.esmtp.org> <3E13D095.FC52B758@mindspring.com> <20030102104810.A27967@zardoc.esmtp.org> <3E14ACAC.2014C867@mindspring.com> <20030102193059.A30727@zardoc.esmtp.org> <3E150B9F.3F29FB8E@mindspring.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <3E150B9F.3F29FB8E@mindspring.com>; from tlambert2@mindspring.com on Thu, Jan 02, 2003 at 08:03:43PM -0800
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Thu, Jan 02, 2003, Terry Lambert wrote:
> Claus Assmann wrote:
> > On Thu, Jan 02, 2003, Terry Lambert wrote:
> > > Claus Assmann wrote:
> > > > What can you do with smmsp group access?
> > >
> > > Send tons of SPAM. Execute code as mailuser to raise my privilege
> > > to root, and then execute code as root.
> > >
> > > 8-).
> >
> > Show me a way to do the latter. If you can do that, then it's
> > a bug that needs to be fixed.
> If it's a bug that needs to be fixed, it's a bug in the host OS,
> and not something that sendmail can address.

So your claim is wrong. You can't use the mailuser account to raise
your privileges to root.

> As I said before, I understand the PR problem of having a remote
> exploit be a remote root exploit vs. a remote $MAILUSER exploit:

Ok, let me say it once: this is B.S. This is not a P.R. problem, it
is a real technical problem as I proved to you before.

Since this discussion is off-topic for this list and you are not
able to prove your point, I stop here. If you want to continue, I
invite you to read the sendmail 9 design document and to tell me
which of the parts that involve the security features of it are
flawed.

http://www.sendmail.org/~ca/email/sm-9-rfh.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message