Re: ifmail wont export

Victor Sudakov (vas@vas.tomsk.su)
Tue, 19 Aug 1997 00:17:46 +0800 (TSD)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Cyril Mikhailov: "tcp call out"
Previous message: Victor Sudakov: "What is this?"
In reply to: Pablo Saratxaga: "Re: ifmail wont export"
Next in thread: Pablo Saratxaga: "Re: ifmail wont export"
Reply: Pablo Saratxaga: "Re: ifmail wont export"
Reply: ïÐ: "Re: ifmail wont export"

Pablo Saratxaga wrote:
>
> You mean -rwsr-xr-x (or -rws--x--x, that is execution by anybody).
>
> Yes, that works but it is a big security hole, has anybody can tell execute
> ifmail, that is anyone can do a "cat anyfile | ifmail -g c -o+ -r f1.n2.z6"
> for exemple, forcing your system to do a long distance outgoing call, maybe
> of a very big file.
> In other words letting access to ifmail to anybody you are open to malicious
> attacks. If you have no users on your machine that isn't very important, but
> if you have you must make it only group executable

The file modes

MODE = 0711
SMODE = 4711

in the CONFIG file are the default in the ifmail distribution. Do you mean
to say that there is a security hole in the ifmail distribution and that the
author should think about changing the default into something like

MODE = 0710
SMODE = 4710

-- 
Victor Sudakov
mailto:vas@obluo.tomsk.su
http://www.tomsk.su/r/persons/vas.htm

Next message: Cyril Mikhailov: "tcp call out"
Previous message: Victor Sudakov: "What is this?"
In reply to: Pablo Saratxaga: "Re: ifmail wont export"
Next in thread: Pablo Saratxaga: "Re: ifmail wont export"
Reply: Pablo Saratxaga: "Re: ifmail wont export"
Reply: ïÐ: "Re: ifmail wont export"