Date:      Tue, 11 Jun 1996 12:23:05 -0700 (PDT)
From:      Nathan Lawson <nlawson@kdat.csc.calpoly.edu>
To:        taob@io.org (Brian Tao)
Cc:        security@freebsd.org
Subject:   Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue?
Message-ID:  <199606111923.MAA21929@kdat.calpoly.edu>
In-Reply-To: <Pine.NEB.3.92.960609205024.8414G-100000@zap.io.org> from "Brian Tao" at Jun 9, 96 08:57:56 pm

> I didn't want to reboot the shell servers just to chmod sendmail, I
> decided to chmod 1733 /var/spool/mqueue instead:
> 
> drwx-wx-wt  2 root  daemon  2560 Jun  9 20:52 /var/spool/mqueue
> 
>     This allows the non-root sendmails to queue outgoing messages, but
> prevents other users from snooping the mail spool (mailq is disabled
> here, and it looks like queue files are mode 600 anyway).
> 
>     The shell servers don't receive any mail themselves, and sendmail
> runs with a queue processing interval of 5 minutes.  Any comments on
> the validity of my actions?  It seems pretty safe to me, and it
> removes another setuid binary.

Cool.  You've gone from having a possible hole to having a definite, easily
exploited hole.  Let's say I did this:

cat > /var/spool/mqueue/qfXXwhatever
Croot
R<|/bin/sh>
...etc

Next time sendmail -q runs, it executes my commands as root.  Remember,
sendmail trusts inherently in the security of its queue file format.  That's
why the 8.6.9 newline bug was so nasty.

Think 1, 2, 3, 18 times before making such drastic changes.

-- 
Nate Lawson                  "There are a thousand hacking at the branches of
CPE Senior                    evil to one who is striking at the root."
CSL Admin                              -- Henry David Thoreau, 'Walden', 1854
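
An added example, not part of the original message and not sendmail's own code: a POSIX shell check for the condition the reply describes, namely a queue directory that accounts other than the trusted one can write to, or queue control files that the trusted account did not create. The function name `audit_mqueue`, the `qf*` file-name pattern and the default trusted owner `root` are assumptions.

```shell
#!/bin/sh
# Added example: audit a sendmail queue directory.
# Assumptions: control files are named qf*; trusted owner defaults to root.

# audit_mqueue DIR [TRUSTED_OWNER]
# Prints one finding per line. Returns 0 if clean, 1 if anything was
# flagged, 2 if DIR is not a directory.
audit_mqueue() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    findings=0

    # Group- or world-writable directory: any such user can create a qf
    # file, and the queue runner will parse it as trusted input.
    if [ -n "$(find "$dir" -prune \( -perm -0002 -o -perm -0020 \))" ]; then
        echo "WRITABLE-DIR: $dir is group- or world-writable"
        findings=1
    fi

    # Directory itself not owned by the trusted account.
    if [ -n "$(find "$dir" -prune ! -user "$owner")" ]; then
        echo "DIR-OWNER: $dir is not owned by $owner"
        findings=1
    fi

    # Control files created by someone other than the trusted account.
    # The sticky bit (the 1 in 1733) blocks deletion by others, not creation.
    bad=$(find "$dir" -type f -name 'qf*' ! -user "$owner")
    if [ -n "$bad" ]; then
        echo "FOREIGN-QF: control files not owned by $owner:"
        echo "$bad"
        findings=1
    fi

    return "$findings"
}
```

Run as root against the live queue, for example `audit_mqueue /var/spool/mqueue`, since a mode 1733 directory cannot be listed by ordinary users.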


