The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #260 [~uucp/.forward] (1 message, 564 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/260.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Paul A Vixie <vixie@decwrl.dec.com>
To: phage
Date: Thu 17:01:33 17/11/1988 EST
Subject: ~uucp/.forward
References: [Thread Prev: 267] [Thread Next: 262] [Message Prev: 261] [Message Next: 262]

If a UUCP neighbor deposited into ~uucp/.forward a file containing
	"|/bin/sed -e '1,/^$/d'|/bin/sh"
(which they might be able to do it your ~uucp is uucp-writable as most are),
and then sent mail to your uucp account, what do you expect would happen?

Note that .forward files override /usr/lib/aliases in sendmail.

Thanks to <jqj@hogg.cc.uoregon.edu> for pointing me at this.

Anybody got an idea for a fix?  We aren't vulnerable here because our ~uucp
is NFS-mounted read-only from another machine (which has problems of its own,
but not this one).  This is not an acceptable long-term fix.

Paul

END OF DOCUMENT