Subject: Re: qmail, from bugtraq
From: Wietse Venema (wietseporcupine.org)
Date: Mon Jan 31 2000 - 13:13:31 CST


Bennett Todd:
> software. A big reward was offered for finding a security hole in
> qmail, it went uncollected. More interestingly, djb is so obnoxious
> that any number of good people have gotten so pissed off at him that
> they'd do _anything_ to find a security bug in qmail, just to wipe
> the smug grin off his face, and they've all failed.

Enough is enough.

Given DJB's past reactions to criticism on his code [1], the people
who are smart enough to find holes probably just don't bother. I
certainly stopped after reporting three vuls, two of which were remote.

A bit of history is in order.

While doing a first implementation of Postfix (then still unnamed)
I noticed that there are numerous places where an MTA can screw up.

When writing the code that delivers mail to "|command", I wondered:
"what about the command's stdin, stdout and stderr file descriptors?".
I found that Sendmail simply passed on whatever it inherited from
the parent process. Consequently, Sendmail would expose my tty to
any local user who runs a command from their .forward file. Not
a major security hole, but a vulnerability nevertheless. It was
fixed [2].

When reading commands from the network, how long a string should
the SMTP server accept? I found that I was able to run several of
my machines out of swap space by feeding unreasonable amounts of
garbage over the network into qmail, installed as per the author's
instructions. Is this a vulnerability? The author argued it is not.
I would consider Postfix vulnerable if any user can cause Postfix
to blow up, especially when that user is remote.

I'll stop here.

        Wietse

[1] In January 1999 in Bugtraq, DJB illustrated his insights with
several examples of how to blow my own domain off the network by
mail bombing it. In January 2000 DJB threatened to sue people.

[2] To test if you're vulnerable, set up a command in a .forward
file that writes to stdout and to stderr, then send mail with
"sendmail -v". If you see any of the command's output, then your
sendmail is vulnerable to the above problem.
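The SMTP line-length question raised in the post above, as an added example that is not Wietse's, Postfix's or qmail's code: a reader that retains at most 512 bytes per command line (the RFC 5321 command-line limit is assumed) and resynchronises after rejecting an overlong line, next to the unbounded pattern it replaces; the inputs are constructed.

```python
import io

# RFC 5321 caps an SMTP command line at 512 octets including CRLF (assumed limit).
MAX_COMMAND_LINE = 512

def read_line_unbounded(stream):
    """The risky pattern: buffer until CRLF with no cap, so a peer that
    never sends CRLF grows this buffer for as long as it keeps sending."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        c = stream.read(1)
        if not c:
            return None
        buf += c
    return bytes(buf[:-2])

def read_line_bounded(stream, limit=MAX_COMMAND_LINE):
    """Read one CRLF-terminated line holding at most `limit` bytes; returns
    ('ok', line), ('too_long', None) or ('eof', None). Past the cap the rest
    of the line is drained and discarded so the next call starts clean."""
    buf = bytearray()
    prev = b""
    overflow = False
    while True:
        c = stream.read(1)
        if not c:                    # peer closed before CRLF
            return ("eof", None)
        if not overflow:
            buf += c
            if len(buf) > limit:     # stop retaining, keep draining
                overflow = True
                buf = bytearray()
        if prev == b"\r" and c == b"\n":
            return ("too_long", None) if overflow else ("ok", bytes(buf[:-2]))
        prev = c

def respond(raw):
    """Drive the bounded reader over a constructed byte feed (stands in for
    the socket) and collect the replies a server would send."""
    stream = io.BytesIO(raw)
    replies = []
    while True:
        status, line = read_line_bounded(stream)
        if status == "eof":
            return replies
        if status == "too_long":
            replies.append("500 5.5.2 Line too long")
        else:
            replies.append("250 OK " + line.decode("ascii", "replace"))
```

Memory held by `read_line_bounded` stays at `limit` bytes no matter how much a remote peer sends, whereas `read_line_unbounded` holds everything until a CRLF arrives.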