uudecode Problem
srs!matt at uhura.cc.rochester.edu
srs!matt at uhura.cc.rochester.edu
Fri Dec 30 15:17:22 AEST 1988
Although uudecode doesn't really "need" the SUID bit to be set (and the
file owned by uucp -- which it seems is a security problem in itself),
there is a problem with what Sun used to (and probably still does)
distribute as the default /usr/lib/aliases file. Within it, there is an
alias:
decode: "|/usr/bin/uudecode"
Since "decode" gets called as "daemon", this poses yet another security
threat.
I wanted to test the above theory, but try as I might, I couldn't get
sendmail to accept an address in the aliases file with a '|' in it. I
kept getting the message "User unknown" (this is opposed to the "normal"
message you get when mailing to an invalid user of: "name... User
unknown"). Perhaps Sun has disallowed mailing to programs? I don't think
so, but then again, I can't seem to get it to work either. This is under
SunOS 3.2...
-----
- uucp: {rutgers,ames}!rochester!srs!matt Matt Goheen
- internet: matt at srs.uucp OR matt%srs.uucp at harvard.harvard.edu
More information about the Comp.sys.sun
mailing list