Date: Fri, 21 Jun 2002 22:31:08 -0500
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: "Brett Glass" <brett@lariat.org>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Possible security liability: Filling disks with junk or spam
Message-ID: <003301c2199d$3ff0c9e0$5dec910c@daleco>
References: <200206220001.SAA26010@lariat.org>
I wrote several paragraphs and deleted them. This may suffice:

"Pretty much everything else in this file points to root, so you would do
well in either reading root's email or forwarding root's email from here."

If your client doesn't do this, maybe that's a bad thing(tm) or maybe it's
just your job security... I try to avoid the "When panicked break Glass"
bandwagon, but this doesn't compute for me.

Kevin Kinsey, DaleCo, S.P.

----- Original Message -----
From: "Brett Glass" <brett@lariat.org>
To: <security@FreeBSD.ORG>
Sent: Friday, June 21, 2002 7:01 PM
Subject: Possible security liability: Filling disks with junk or spam

> Two years ago, at BSDCon, I reported on a form of abuse known as a
> "Rumplestiltskin attack," in which an attacker guessed names in rapid
> succession so as to find valid e-mail addresses to spam. Well, as it turns
> out, one doesn't need to do this to find addresses on FreeBSD systems that can
> be filled with mail. /etc/passwd contains quite a few pseudo-users which, if
> mailed, cause the mail to be stored on the disk as if it were addressed to a
> real user. No one may ever read it, but it's possible to fill the partition
> and thereby wreak havoc.
>
> A client recently called me in puzzlement, saying that his system was
> misbehaving, and it turned out that this was what had happened. The address
> "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
> never used or hosted netnews, and so had no need for the pseudo-user. But that
> pseudo-user was there by default, and the system dutifully created a mailbox
> for him/her/it when the very first spam arrived. It started growing by leaps
> and bounds until it was -- I kid you not! -- several hundred megabytes in
> size. At which point the partition ran out of room.
>
> It seems to me that pseudo-users should be non-mailable, just as a basic
> security policy. Ideas for the best way to implement this in the default
> install?
>
> --Brett Glass
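The check a practitioner would want after reading the thread is a list of which pseudo-users on a given box are still mailable, i.e. present in passwd but absent from the aliases file, so that mail to them lands in a brand-new spool file the way "news" did above. The script below is an added example and is not code from the thread or from FreeBSD itself. It assumes the standard passwd(5) and aliases(5) line formats, treats "uid below 1000 or a shell ending in nologin" as the pseudo-user heuristic (an assumption; adjust for your uid layout), and runs against constructed sample files rather than a real system; the function and file names are the example's own.

```sh
#!/bin/sh
# Added example, not part of the original thread. Lists accounts in a passwd
# file that look like pseudo-users (uid below 1000 or a nologin shell) and
# that have no entry in an aliases file, so mail to them would be delivered
# into a fresh spool file instead of going to root or being discarded.
# File locations are parameters; the sample data below is constructed.

# unaliased_pseudo_users PASSWD ALIASES
#   prints one unaliased pseudo-user per line, in passwd order
unaliased_pseudo_users() {
    passwd=$1
    aliases=$2
    awk -F: '
        FILENAME == ARGV[1] {
            # aliases file: remember the left-hand name of "name: target" lines
            if ($0 ~ /^[ \t]*#/ || NF < 2) next
            n = $1
            gsub(/[ \t]/, "", n)
            seen[n] = 1
            next
        }
        # passwd file: pseudo-user heuristic (assumed), root excluded because
        # root must stay mailable for the aliases to have anywhere to go
        NF >= 7 && $1 != "root" && ($3 + 0 < 1000 || $7 ~ /nologin$/) && !($1 in seen) {
            print $1
        }
    ' "$aliases" "$passwd"
}

# suggest_aliases PASSWD ALIASES [TARGET]
#   emits aliases(5) lines routing each unaliased pseudo-user to TARGET
#   (default root; pass /dev/null to discard instead of forwarding)
suggest_aliases() {
    target=${3:-root}
    unaliased_pseudo_users "$1" "$2" | while IFS= read -r name; do
        printf '%s: %s\n' "$name" "$target"
    done
}

# make_samples: writes a constructed passwd/aliases pair into a temp dir and
# prints the directory. These are sample data, not real system files.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
alice:*:1001:1001:Alice Example:/home/alice:/bin/sh
EOF
    cat > "$dir/aliases" <<'EOF'
# constructed excerpt of an aliases file
MAILER-DAEMON: postmaster
postmaster: root
daemon: root
nobody: root
EOF
    printf '%s\n' "$dir"
}

# Stand-alone run against the constructed sample:
#   sh pseudo_mail_check.sh --demo
# prints "news: root" and "uucp: root"; daemon and nobody are already aliased
# and alice is a real user.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_samples)
    suggest_aliases "$d/passwd" "$d/aliases"
    rm -r "$d"
fi
```

Two caveats. Routing a pseudo-user to root only moves the mailbox, which is exactly Kevin's point: unless root's mail is read or forwarded off the box, the spam still accumulates on the same partition, just under a different name, so either forward root or alias the unused pseudo-users to /dev/null. And after appending the emitted lines to the aliases file, run newaliases so sendmail actually picks them up; the text file alone changes nothing.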