
Re: Bogus reply-to



Monique Y. Mudama wrote:

> On 2004-08-07, Alvin Oga penned:
>> On Sat, 7 Aug 2004, John Summerfield wrote:
>>
>>> I think M was aiming at list members whose aim is a little sloppy.
>>> /dev/null is fine:  if it's delivered to their own machine perhaps
>>> they will wake up to what they're doing.
>> they can mail to &halt;@their-domain.com too
>>
>> sometimes /sbin and /usr/sbin are world executable too
>
> I don't know if that would even have a prayer of working, but I don't
> want to do anything malicious; I'm just sick of getting duplicates!

First:
/sbin and /usr/sbin are world-executable on every Linux system I've used, and on my Mac (OSX). Include in my experience Mandrake, RHL, SuSE 9.0, Debian and Progeny.

Think:
How many of you have used the ifconfig command:
/sbin/ifconfig
to check your network configuration?

/usr/sbin is the standard place for sendmail, a standard way to send email (check your kmail etc settings).


I presume Alvin thinks that sending mail to &halt;@their-domain.com might shut down someone's system. Might.

It's pretty improbable that it would work because
a) If so, it's a pretty obvious security vuln that would have been noticed by now if it existed in any mainline software.
b) /sbin and /usr/sbin are not normally in users' paths.
c) Halting someone's computer might be inconvenient, but rarely harmful.

Note that if this could be done, Linux would be a pretty handy medium for distributing viruses and spam.

It's not impossible, but also not likely.

--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/


