The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #070 [Disassembled virus?] (1 message, 643 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/070.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: bzs@bu-cs.BU.EDU (Barry Shein)
To: phage
Date: Sun 00:42:48 06/11/1988 EST
Subject: Disassembled virus?
References: [Thread Prev: 074] [Thread Next: 075] [Message Prev: 069] [Message Next: 071]


Keith writes...
>Not true; the sendmail bug gives you daemon, not root.  And daemon
>is not the hole that people seem to think it is, although it's not
>my idea of a good time.

Although off the subject of whether to distribute the code or not I
think that depends on how one sets up the configuration file, giving
F=S will fork mailers setuid root.

Anyhow, minor point, but perhaps folks out there now should look and
see if they have unnecessary S flags. This came up somewhere else
where someone (I'll leave him nameless) said he was about to send the
same comment to me and, upon glancing at his sendmail.cf, saw that in
fact the S flag was present in at least one mailer specification at
his site.

	-Barry Shein, ||Encore||

END OF DOCUMENT