Network Security: Detailed info on Re: possible local exploit via sendmail with procmail on solaris

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: possible local exploit via sendmail with procmail on solaris

from [Jeff Damens] Network Security

[Permanent Link]

Subject:	Re: possible local exploit via sendmail with procmail on solaris
Date:	Wed, 22 Dec 2004 17:24:56 -0500 (EST)


Mike,

Sendmail is *supposed* to run the local mailer setuid as the
recipient, so procmail should have run as you.  I'm running sendmail
8.13.1 on solaris 7 & 8 and it does seem to setuid properly.  

Is it possible that procmail itself is setuid root and is invoking the
shell which is sourcing your .cshrc?  It would be interesting to see a
truss -f of sendmail doing a local delivery.

$h is the host as set from the 2nd part of the $# local mailer rule.
It probably isn't set in your sendmail rules for local users.  

Regards,

Jeff

----------------------------------------------------------------

Jeff Damens                     Unix Systems Administrator
Polytechnic University          jdamens@ebbets.poly.edu
6 Metrotech                     (718) 260-3492
Brooklyn, New York 11201

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
possible local exploit via sendmail with procmail on solaris, Michael Barnes Re: possible local exploit via sendmail with procmail on solaris, Jeff Damens <=

Previous by Date:	Re: [Full-Disclosure] Re: Linux kernel scm_send local DoS, Valdis . Kletnieks
Next by Date:	[VulnWatch] Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H), NGSSoftware Insight Security Research
Previous by Thread:	possible local exploit via sendmail with procmail on solaris, Michael Barnes
Next by Thread:	Webmin BruteForce + Command execution - By Di42lo <DiAblo_2@012.net.il>, amit sides
Indexes:	[Date] [Thread] [Top] [All Lists]