Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Jun 2002 18:06:34 -0700 (PDT)
From:      Mark Hartley <mark@work.drapple.com>
To:        twig les <twigles@yahoo.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: Possible security liability: Filling disks with junk or spam
Message-ID:  <XFMail.020621180634.mark@work.drapple.com>
In-Reply-To: <20020622003444.66667.qmail@web10104.mail.yahoo.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On 22-Jun-02 twig les wrote:
> Would it be viable to un-map the psuedo-users or would
> that break something?
> 

If you don't want to forward their messages to root (which I think is the best
way), you could always simply edit the aliases file and put the following lines
in:

bin: /dev/null
news: /dev/null

(and so on for each one)


Depends on how the admin wants to handle it.


Mark.


> 
> --- Sean Kelly <smkelly@zombie.org> wrote:
>> On Fri, Jun 21, 2002 at 06:01:16PM -0600, Brett
>> Glass wrote:
>> ...
>> > A client recently called me in puzzlement, saying
>> that his system was
>> > misbehaving, and it turned out that this was what
>> had happened. The address
>> > "news@victim.com" had somehow wound up on quite a
>> few spammers' lists. He'd
>> > never used or hosted netnews, and so had no need
>> for the pseudo-user. But that
>> > pseudo-user was there by default, and the system
>> dutifully created a mailbox
>> > for him/her/it when the very first spam arrived.
>> It started growing by leaps
>> > and bounds until it was -- I kid you not! --
>> several hundred megabytes in
>> > size. At which point the partition ran out of
>> room.
>> > 
>> > It seems to me that pseudo-users should be
>> non-mailable, just as a basic
>> > security policy. Ideas for the best way to
>> implement this in the default
>> > install?
>> 
>> If you look at /usr/src/etc/mail/aliases, you'll see
>> that pseudo-users are
>> mapped to root.  I also see news in there:
>> news:   root                                        
>>                            
>> usenet: news                                        
>>                            
>> 
>> It seems to me that the best way to prevent such
>> things happening would be
>> to keep your aliases files up to date.  Use
>> mergemaster and also maintain
>> the file for any pseudo-users you may add.  At some
>> point, the
>> administrator has to become responsible for the
>> system they administer.
>> 
>> -- 
>> Sean Kelly         | PGP KeyID: 77042C7B
>> smkelly@zombie.org | http://www.zombie.org
>> 
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.020621180634.mark>