From owner-freebsd-security Fri Jun 21 20:31:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by hub.freebsd.org (Postfix) with ESMTP id E19AA37B40C for ; Fri, 21 Jun 2002 20:31:41 -0700 (PDT) Received: from daleco [12.145.236.93] by mail.gbronline.com (SMTPD32-7.10) id AF4027B300F8; Fri, 21 Jun 2002 22:30:08 -0500 Message-ID: <003301c2199d$3ff0c9e0$5dec910c@daleco> From: "Kevin Kinsey, DaleCo, S.P." To: "Brett Glass" Cc: References: <200206220001.SAA26010@lariat.org> Subject: Re: Possible security liability: Filling disks with junk or spam Date: Fri, 21 Jun 2002 22:31:08 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I wrote several paragraphs and deleted them. This may suffice: "Pretty much everything else in this file points to root, so you would do well in either reading root's email of forwarding root's email from here." If your client doesn't do this, maybe that's a bad thing(tm) or maybe it's just your job security... I try to avoid the "When panicked break Glass" bandwagon, but this doesn't compute for me. Kevin Kinsey, DaleCo, S.P. ----- Original Message ----- From: "Brett Glass" To: Sent: Friday, June 21, 2002 7:01 PM Subject: Possible security liability: Filling disks with junk or spam > Two years ago, at BSDCon, I reported on a form of abuse known as a > "Rumplestiltskin attack," in which an attacker guessed names in rapid > succession so as to find valid e-mail addresses to spam. Well, as it turns > out, one doesn't need to do this to find addresses on FreeBSD systems that can > be filled with mail. /etc/passwd contains quite a few pseudo-users which, if > mailed, cause the mail to be stored on the disk as if it were addressed to a > real user. No one may ever read it, but it's possible to fill the partition > and thereby wreak havoc. > > A client recently called me in puzzlement, saying that his system was > misbehaving, and it turned out that this was what had happened. The address > "news@victim.com" had somehow wound up on quite a few spammers' lists. He'd > never used or hosted netnews, and so had no need for the pseudo-user. But that > pseudo-user was there by default, and the system dutifully created a mailbox > for him/her/it when the very first spam arrived. It started growing by leaps > and bounds until it was -- I kid you not! -- several hundred megabytes in > size. At which point the partition ran out of room. > > It seems to me that pseudo-users should be non-mailable, just as a basic > security policy. Ideas for the best way to implement this in the default > install? > > --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message