Date: Fri, 21 Jun 2002 17:34:44 -0700 (PDT) From: twig les <twigles@yahoo.com> To: Sean Kelly <smkelly@zombie.org>, Brett Glass <brett@lariat.org> Cc: security@freebsd.org Subject: Re: Possible security liability: Filling disks with junk or spam Message-ID: <20020622003444.66667.qmail@web10104.mail.yahoo.com> In-Reply-To: <20020622001435.GA99704@edgemaster.zombie.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Would it be viable to un-map the psuedo-users or would that break something? --- Sean Kelly <smkelly@zombie.org> wrote: > On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett > Glass wrote: > ... > > A client recently called me in puzzlement, saying > that his system was > > misbehaving, and it turned out that this was what > had happened. The address > > "news@victim.com" had somehow wound up on quite a > few spammers' lists. He'd > > never used or hosted netnews, and so had no need > for the pseudo-user. But that > > pseudo-user was there by default, and the system > dutifully created a mailbox > > for him/her/it when the very first spam arrived. > It started growing by leaps > > and bounds until it was -- I kid you not! -- > several hundred megabytes in > > size. At which point the partition ran out of > room. > > > > It seems to me that pseudo-users should be > non-mailable, just as a basic > > security policy. Ideas for the best way to > implement this in the default > > install? > > If you look at /usr/src/etc/mail/aliases, you'll see > that pseudo-users are > mapped to root. I also see news in there: > news: root > > usenet: news > > > It seems to me that the best way to prevent such > things happening would be > to keep your aliases files up to date. Use > mergemaster and also maintain > the file for any pseudo-users you may add. At some > point, the > administrator has to become responsible for the > system they administer. > > -- > Sean Kelly | PGP KeyID: 77042C7B > smkelly@zombie.org | http://www.zombie.org > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message ===== ----------------------------------------------------------- Only fools have all the answers. ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020622003444.66667.qmail>