Re: New vulnerability in Sendmail
'John Goerzen wrote:'
>I received this from the Linux Security mailing list today. I checked the
>CERT archives and apparantly this problem is not yet documented. It looks
>like it has a potential to be very serious.
>I tested it out on my Debian system (sendmail 8.7.6) and it worked -- that is,
>it gave a normal user a root shell. Yikes!
I did the following and verified that the old sendmail is secure in
this environment (at least for this bug!):
chgrp mail /usr/sbin/sendmail
chmod 2755 /usr/sbin/sendmail
chown mail.mail /var/spool/mqueue
chmod 770 /var/spool/mqueue
I can't identify anything that won't work. Even .forward files work
since the incoming connections are handled by the sendmail process
started by root in "/etc/init.d/sendmail start". I doubt world
unreadable .forward's would work on a NFS mounted home directory (but
that is the case anyway, right?).
I think the above should be the default sendmail installation for
Debian. Sysadmins who know what they are doing can make sendmail
suid to root if they want. But the rest of us can't be expected to
drop everything every time a hole is found in sendmail. Yet our
businesses often depend on security.
Christopher J. Fearnley | Linux/Internet Consulting
firstname.lastname@example.org, email@example.com | UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf | (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf | Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller | Explorer in Universe
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com