The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #020 [Progmailer] (1 message, 728 bytes)
NOTICE: recognises the rights of all third-party works.


From: [email protected] (Brian Kantor)
To: phage
Date: Fri 00:39:20 04/11/1988 EST
Subject: Progmailer
References: [Thread Prev: 031] [Thread Next: 021] [Message Prev: 019] [Message Next: 021]

We here at UCSD believe that the cure and future prevention of attacks
through the sendmail program mailer lies in the creation of a restricted
environment.  We are working on a simple "shell" that restricts the
allowed commands either to a list of safe commands, or to a chroot'ed
directory, so that a system manager can have much more complete control
over which programs can be executed by a mailer, and in what environment.

We already have this running (for over a year now) as a safe passwordless
login shell, and we feel rather good about it, so it should only be a question
of some adaptation and a lot of testing to convert it for sendmail use.

If/when we get it working, it'll be generally available, along with the
necessary patches to sendmail and/or .cf files.

Suggestions along this line are welcome.

	Brian Kantor	UCSD Office of Academic Computing
			Academic Network Operations Group 
			UCSD B-028, La Jolla, CA 92093 USA
			[email protected] ucsd!brian [email protected]