Date:      28 Feb 1998 14:52:07 +0100
From:      Benedikt Stockebrand <benedikt@devnull.ruhr.de>
To:        Philippe Regnauld <regnauld@deepo.prosa.dk>
Cc:        Nicolas Pondemer <pondemer@isty-info.uvsq.fr>, freebsd-security@FreeBSD.ORG
Subject:   Re: Thanks, but...
Message-ID:  <8790qvrg54.fsf@devnull.ruhr.de>
In-Reply-To: Philippe Regnauld's message of "Thu, 26 Feb 1998 14:09:34 +0100"
References:  <34F5623C.3E6@isty-info.uvsq.fr> <19980226140934.31437@deepo.prosa.dk>

Philippe Regnauld <regnauld@deepo.prosa.dk> writes:

> 	I don't see how user B can force user A to have a Bcc:
> 	automatically added to his headers.

If B managed to add something like

    alias mail="/usr/bin/mail -bB@localhost"

or whatever your preferred shell uses as syntax to ~A/.profile this
could be done.  

Yes, it depends on your shell and your preferred MUA and requires some
sort of security hole (like A not logging out before taking a break).
Another option would be to add a trojanized MUA binary in ~A/bin or
such.

IOW, if you suspect some other user of this, check ~/.* for such
beasts (as well as unsolicited ~/.rhosts entries).


    Ben

-- 
Ben(edikt)? Stockebrand    ---    Un*x system administrator looking for a job
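
The check suggested in the message above, sketched as a shell function. This is an added example, not part of the original e-mail; the function name `audit_home`, the list of MUA names, the `ALIAS`/`RHOSTS`/`SHADOW` output labels and the choice of `~/bin` as the only private bin directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: list signs of the tampering described in the message above.
# Assumptions: the MUA name list, and ~/bin as the only private bin directory.
MUA='(mail|Mail|mailx|mutt|pine|elm)'
# "alias mail=..." (sh/bash/ksh), "alias mail '...'" (csh), or a function "mail()"
PAT="alias[[:space:]]+$MUA[[:space:]=]|(^|[[:space:];])$MUA[[:space:]]*\\(\\)"

audit_home() {
    home=$1
    # 1. Dotfiles that redefine an MUA command.
    for f in "$home"/.[!.]*; do
        if [ -f "$f" ] && [ "${f##*/}" != .rhosts ]; then
            # /dev/null as a second file makes grep print the file name
            grep -nE "$PAT" "$f" /dev/null 2>/dev/null | sed 's/^/ALIAS /'
        fi
    done
    # 2. Every ~/.rhosts entry, so the owner can spot ones they did not add.
    if [ -f "$home/.rhosts" ]; then
        grep -n '[^[:space:]]' "$home/.rhosts" /dev/null | sed 's/^/RHOSTS /'
    fi
    # 3. Executables in ~/bin that shadow an MUA name.
    for m in mail Mail mailx mutt pine elm; do
        if [ -f "$home/bin/$m" ] && [ -x "$home/bin/$m" ]; then
            echo "SHADOW $home/bin/$m"
        fi
    done
    return 0
}

# Audit every home directory given on the command line.
for h in "$@"; do audit_home "$h"; done
```

Each output line is a lead to review by hand: an alias or a `~/bin` wrapper may be one the owner set up, so the listing shows where to look rather than proving tampering.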

