|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SECURITY HOLE: FormMail
Neil Woods (neil
legless.demon.co.uk)Sat, 5 Aug 1995 10:26:35 +0100
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Andrew Macpherson: "Re: SECURITY HOLE: FormMail"
- Previous message: smbresearch.att.com: "Re: SECURITY HOLE: "Guestbook""
- In reply to: Christian Wettergren: "Re: SECURITY HOLE: FormMail"
- Next in thread: Ivo: "More holes, was: Re: SECURITY HOLE: FormMail"
>
> | Just to be helpful, the way to do it more safely, without massive
> | need for checking is to build a complete mail message, including
> | header, and hand that to "sendmail -t" which then reads the recipient
> | information out of the constructed header. [Sendmail should of course
> | be an invocation of smail or pp, not the BSD program of that name,
> | given the history of problems that has had]
>
> I suspect this still wont take care of emails to pipes or files,
> i.e <|/bin/sh> or </.rhosts>, it is a legitimate, albeit unexpected,
> mail-command going to sendmail. So unless these two mode are totally
> stripped out of the sendmail, there will exist a vulnerability there,
> wont it?
>
No current version of sendmail (v8.*, any vendor supplied version) will
allow mailing directly to programs or files. In order to deliver mail to
a program or file, it must be indirect (ie. alias expansion, or from a
users .forward file).
Cheers,
Neil
--
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.
...like a badger with an afro throwing sparklers at the Pope...
- Next message: Andrew Macpherson: "Re: SECURITY HOLE: FormMail"
- Previous message: smbresearch.att.com: "Re: SECURITY HOLE: "Guestbook""
- In reply to: Christian Wettergren: "Re: SECURITY HOLE: FormMail"
- Next in thread: Ivo: "More holes, was: Re: SECURITY HOLE: FormMail"