Subject: Re: [ local root compromise in openbsd 3.0 and below]
To: None <>
From: None <>
List: tech-security
Date: 04/11/2002 19:44:46
on Thu, Apr 11, 2002 at 02:30:52PM -0400, Jan Schaumann wrote:
> As seen on bugtraq just now.
> The default crontab of root does not contain the mail-command, but
> /etc/daily does, I believe.  Thus, if some mischievous black sole were
> somehow to create such a file in /etc/security we'd be SOL as well.
> (Now how that person could create the file in /etc/security is a
> different story)

Surely it only requires that a line of output from /etc/security when it's
executed to begin with user/filesystem supplied data?

Is there anything wrong with using /usr/sbin/sendmail anywhere that doesn't
need an actual MUA (eg, mail)?
Or maybe only accept "dangerous" commands when stdin is not a tty?