Date:      Mon, 18 Nov 1996 15:16:21 +1030 (CST)
From:      Michael Smith <msmith@atrad.adelaide.edu.au>
To:        newton@communica.com.au (Mark Newton)
Cc:        security@FreeBSD.ORG
Subject:   Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID:  <199611180446.PAA17729@genesis.atrad.adelaide.edu.au>
In-Reply-To: <9611180435.AA17191@communica.com.au> from Mark Newton at "Nov 18, 96 03:05:38 pm"

Mark Newton stands accused of saying:
> Michael Smith wrote:
>  
>  > Mark's sense of warmth is perhaps slightly over-smug,
> 
> Have you ever known me to be any different? :-)

Ah well, I guess not.  (I guess my Pringle lease has expired too.  *sigh*)

> It would be foolish of me to argue to have it changed, though :-)

But no more foolish than many of your other crusades 8)

> That would have allowed a user to obtain a setuid shell owned by the
> "smtp" user by exploiting the latest bug.  While not as serious as a
> root shell, I'm still not wonderfully happy about the possibility.

Perhaps.  Still, I argue along similar lines to you; no users on mail
machines, no mail on user machines.  In fact, I think that shell accounts
have very little use in most environments.  (Teaching and development
are about the only two left IMHO.)

> Mark Newton                               Email: newton@communica.com.au

-- 
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[


