From owner-freebsd-security  Sat Jan 13 15:44: 5 2001
Delivered-To: freebsd-security@freebsd.org
Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123])
	by hub.freebsd.org (Postfix) with ESMTP id 0310C37B699
	for <freebsd-security@FreeBSD.ORG>; Sat, 13 Jan 2001 15:43:47 -0800 (PST)
Received: (from kris@localhost)
	by citusc.usc.edu (8.9.3/8.9.3) id PAA02436;
	Sat, 13 Jan 2001 15:45:03 -0800
Date: Sat, 13 Jan 2001 15:45:02 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Ryan Thompson <ryan@sasknow.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Majordomo lists security
Message-ID: <20010113154502.C2379@citusc.usc.edu>
References: <20010112222249.A28910@citusc.usc.edu> <Pine.BSF.4.10.10101131002390.98425-100000@bsdie.rwsystems.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="O3RTKUHj+75w1tg5"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.BSF.4.10.10101131002390.98425-100000@bsdie.rwsystems.net>; from jwyatt@rwsystems.net on Sat, Jan 13, 2001 at 10:17:37AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--O3RTKUHj+75w1tg5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Jan 13, 2001 at 10:17:37AM -0600, James Wyatt wrote:
> On Fri, 12 Jan 2001, Kris Kennaway wrote:
> > On Sat, Jan 13, 2001 at 12:05:10AM -0600, Ryan Thompson wrote:
> > > Hmm...  Maybe this has been answered before.
> > >=20
> > > Is there a GOOD reason that, by default, /usr/local/majordomo/lists is
> > > world readable?  Does not just the "majordom" user/group ever read the
> > > files contained therein?  Until now, I've never really had cause to p=
lay
> 	[ ... ]
> > From the makefile:
> >=20
> > .if !defined(BATCH) && !defined(PACKAGE_BUILDING)
> >         /usr/bin/dialog --yesno "Majordomo is unsafe to use on multi-us=
er machines: local users can run
> >  arbitrary commands as the majordomo user. Do you wish to accept the se=
curity risk and build majordomo
> > anyway?" 8 60 || ${FALSE}
> > .endif
>=20
> This says *nothing* about allowing (very portable) passwords to leak, just
> that they can run commands. Most users would take that to mean run such
> commands *locally*, not remotely. - Jy@

The ability to run commands as the user is a superset of the ability
to read a file, since the majordomo user can read its own files :-)

Both of these abilities require the user to be on the local machine,
hence the first part of the warning also covers it.

Kris

--O3RTKUHj+75w1tg5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6YOh+Wry0BWjoQKURApI/AJ93wPK3Sra8+lDWzT1RfpeNhWoM/gCfd0md
f72Ax3E7LbaOYjUG3K6fmBQ=
=LFl1
-----END PGP SIGNATURE-----

--O3RTKUHj+75w1tg5--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message