Subject: Re: [firstname.lastname@example.org: local root compromise in openbsd 3.0 and below]
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 04/11/2002 19:44:46
On Thu, Apr 11, 2002 at 02:30:52PM -0400, Jan Schaumann wrote:
> As seen on bugtraq just now.
> The default crontab of root does not contain the mail-command, but
> /etc/daily does, I believe. Thus, if some mischievous black soul were
> somehow to create such a file in /etc/security we'd be SOL as well.
> (Now how that person could create the file in /etc/security is a
> different story)
Surely it only requires a line of output from /etc/security, when it's
executed, to begin with user/filesystem-supplied data?
Is there anything wrong with using /usr/sbin/sendmail anywhere that doesn't
need an actual MUA (eg, mail)?
Or maybe only accept "dangerous" commands when stdin is not a tty?
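As an added illustration of the first suggestion in this reply (not code from the thread or from the OpenBSD scripts): a daily-report mailer that builds the message itself and hands it to the MTA's sendmail interface, so no MUA ever reads the report body as a command stream. The report content, the subject, the recipient and the use of `/usr/sbin/sendmail -t -i` are assumptions for the example; the sample report line starting with `~!` is constructed to show that such a line passes through as plain text.

```shell
#!/bin/sh
# Added example: deliver a periodic security report without going through
# a mail user agent, so that lines of the report are never interpreted.

# Path of the MTA submission binary; overridable from the environment
# (the default is the path mentioned in the thread, assumed to exist).
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"

# Constructed sample report. The second line is the kind of attacker-
# influenced output (a filename echoed by a checker) that a mail reader
# honouring tilde escapes could act on if the report were piped into it.
sample_report() {
    printf '%s\n' \
        'Checking setuid files and devices:' \
        '~!echo this line came from a filename, not from the operator' \
        'Done.'
}

# Read a report on stdin and emit a complete message with explicit
# headers. Body lines are copied verbatim; nothing is parsed or expanded.
build_message() {
    subject="$1"
    rcpt="$2"
    printf 'To: %s\n' "$rcpt"
    printf 'Subject: %s\n' "$subject"
    printf 'MIME-Version: 1.0\n'
    printf 'Content-Type: text/plain; charset=us-ascii\n'
    printf '\n'
    cat
}

# Hand the message to the MTA. -t takes recipients from the headers we
# wrote; -i keeps a lone "." line in the report from ending the message.
mail_report() {
    build_message "$1" "$2" | "$SENDMAIL" -t -i
}

# Count the lines that reach the MTA, to confirm none were dropped or
# consumed as commands on the way.
message_line_count() {
    build_message "$1" "$2" | wc -l | tr -d ' '
}

# Usage from a periodic script (assumed invocation, not run here):
#   /etc/security 2>&1 | mail_report "daily security output" root
```

The point is that the report body is data all the way to the MTA: the only things interpreted are the headers the script wrote itself, and `-i` even disables the one in-band convention sendmail would otherwise honour.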