Great Circle Associates Firewalls
(September 1995)
 


Subject: Re: Any known security holes in the "vacation" program
From: Brad . Powell @ Eng . Sun . COM (Brad Powell)
Date: Fri, 15 Sep 1995 08:40:02 -0700
To: firewalls @ greatcircle . com, sjs @ sunthing . sjsinc . com


sjs writes:

>From firewalls-owner @ GreatCircle . COM Thu Sep 14 21:49 PDT 1995
>Date: Thu, 14 Sep 1995 21:18:38 -0700
>From: sjs @ sunthing . sjsinc . com (Stefan Jon Silverman)
>To: firewalls @ greatcircle . com
>Subject: Any known security holes in the "vacation" program
>
>Folks:
>
>	I'm trying to set up an auto-responder for a couple of mail aliases
>on my mailhost. For the moment, because I don't really want to get involved
>with majordomo or any of the other mail list programs, I am using the simple
>functionality of the "/usr/ucb/vacation" program under SunOS 4.1.x. 
>
>	Given that the .forward file requires a pipe to this program, what
>are the possible security implications for this setup (i.e., are there any
>"well known" holes in this program)???


I wouldn't recommend it. vacation can write to files in the user's
home directory; writing an rhosts entry jumps to mind.

=======================================================================
Brad Powell : brad . powell @ Sun . COM
Sr. Network Security Consultant
SunNetworks, Sun Microsystems Inc. 
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================
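
A defensive check for the two things this thread mentions, as an added example that is not part of either post: it lists `.forward` entries that hand mail to a program and reports any `.rhosts` file in the same home directory, including wildcard `+` entries. The function names and output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a home directory for
# .forward program deliveries and for .rhosts files.

# forward_pipes FILE: print each .forward entry that delivers to a program.
# Entries are separated by commas or newlines; a program entry starts with
# '|', optionally inside double quotes, e.g.  \sjs, "|/usr/ucb/vacation sjs"
# Limitation: a comma inside a quoted command line is treated as a separator.
forward_pipes() {
    [ -f "$1" ] || return 0
    tr ',' '\n' < "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E '^"?\|' || true
}

# audit_home DIR: print one finding per line for the given home directory.
#   PIPE             a .forward entry that runs a program
#   RHOSTS           a .rhosts file exists
#   RHOSTS-WILDCARD  a .rhosts line with '+' as host or user (matches any)
audit_home() {
    home=$1
    forward_pipes "$home/.forward" | while IFS= read -r entry; do
        printf 'PIPE %s: %s\n' "$home/.forward" "$entry"
    done
    if [ -f "$home/.rhosts" ]; then
        printf 'RHOSTS %s\n' "$home/.rhosts"
        awk '$1 == "+" || $2 == "+" {
                 print "RHOSTS-WILDCARD " FILENAME ": " $0
             }' "$home/.rhosts"
    fi
}

# Stand-alone use: pass one or more home directories as arguments.
[ $# -eq 0 ] || for h in "$@"; do audit_home "$h"; done
```

An account that shows both a `PIPE` and an `RHOSTS` finding is the combination the reply above warns about.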
