Date: 28 Feb 1998 14:52:07 +0100 From: Benedikt Stockebrand <benedikt@devnull.ruhr.de> To: Philippe Regnauld <regnauld@deepo.prosa.dk> Cc: Nicolas Pondemer <pondemer@isty-info.uvsq.fr>, freebsd-security@FreeBSD.ORG Subject: Re: Thanks, but... Message-ID: <8790qvrg54.fsf@devnull.ruhr.de> In-Reply-To: Philippe Regnauld's message of "Thu, 26 Feb 1998 14:09:34 %2B0100" References: <34F5623C.3E6@isty-info.uvsq.fr> <19980226140934.31437@deepo.prosa.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Philippe Regnauld <regnauld@deepo.prosa.dk> writes: > I don't see how user B can force user A to have a Bcc:=20 > automatically added to his headers. If B managed to add something like alias mail="/usr/bin/mail -bB@localhost" or whatever your preferred shell uses as syntax to ~A/.profile this could be done. Yes, it depends on your shell and your preferred MUA and requires some sort of security hole (like A not logging out before taking a break). Another option would be to add a trojanized MUA binary in ~A/bin or such. IOW, if you suspect some other user of this, check ~/.* for such beasts (as well as unsolicited ~/.rhosts entries). Ben -- Ben(edikt)? Stockebrand --- Un*x system administrator looking for a job To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8790qvrg54.fsf>