Date: Sun, 9 Jun 1996 20:00:18 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> To: taob@io.org (Brian Tao) Cc: freebsd-security@freebsd.org Subject: Re: setuid root sendmail vs. mode 1733 /var/spool/mqueue? Message-ID: <199606100300.UAA15048@GndRsh.aac.dev.com> In-Reply-To: <Pine.NEB.3.92.960609205024.8414G-100000@zap.io.org> from Brian Tao at "Jun 9, 96 08:57:56 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> I accidentally went a bit too far today when looking for setuid- > related attacks on our 2.2-SNAP shell servers and took the setuid bit > off /usr/sbin/sendmail. I only noticed after the schg flag was > slapped on everything. :( > > People were getting 'queuename: Cannot create "qfUAA08787" in > "/var/spool/mqueue" (euid=935):' errors for obvious reasons. Since I > didn't want to reboot the shell servers just to chmod sendmail, I > decided to chmod 1733 /var/spool/mqueue instead: > > drwx-wx-wt 2 root daemon 2560 Jun 9 20:52 /var/spool/mqueue Denial of service attack: cat /dev/zero >/var/spool/mqueue/onebigwhole bs=32b world writable directories are a bigger problem, IMHO, than a suid sendmail. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606100300.UAA15048>