Re: More on sendmail

From: Holger.VanKoll@SWISSCOM.COM
Date: Mon Mar 10 2003 - 13:27:15 EST


yes; of course you are also vulnerable to local users!
to be more precise: to anyone that can run the sendmail-binary, that's
the same in most cases.

if you care about that (and don't need local mail) remove the suid-root
bit from the sendmail-binary.

-----Original Message-----
From: Green, Simon [mailto:Simon.Green@EU.ALTRIA.COM]
Sent: Monday, March 10, 2003 7:15 PM
To: aix-l@Princeton.EDU
Subject: Re: More on sendmail

How? You won't be able to receive anything from the outside world so
the only possible source of risk would be if you have someone logged on
to that system, with malicious intent. In which case sendmail is the
least of your problems. (In fact, I'm not sure that there's any way
they could do much even then; not that's specific to sendmail, anyway.)

Simon Green
Altria ITSC Europe s.a.r.l.

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will seldom be appreciated.

> -----Original Message-----
> From: Holger.VanKoll@SWISSCOM.COM [mailto:Holger.VanKoll@SWISSCOM.COM]
> Sent: 10 March 2003 17:57
> To: aix-l@Princeton.EDU
> Subject: Re: More on sendmail
>
>
<SNIP>
>
> probably you are also vulnerable if sendmail is not running in
> daemon mode!
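
The mitigation suggested in the reply at the top of this message (removing the suid-root bit from the sendmail binary), as an added example that is not part of the original thread. The candidate paths and function names are assumptions chosen for illustration; adjust them to where sendmail is installed on your system.

```shell
#!/bin/sh
# Added example: audit and clear the setuid bit on a sendmail binary.
# Candidate paths are assumptions (common locations), not taken from the thread.
SENDMAIL_CANDIDATES="/usr/sbin/sendmail /usr/lib/sendmail"

# Print one of: missing | no-suid | suid-root | suid-uid<N>
suid_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    [ -u "$f" ] || { echo no-suid; return 0; }
    # Numeric owner from ls -n avoids passwd lookups; -L follows symlinks,
    # matching what the -u test above inspected.
    owner=$(ls -lnLd "$f" | awk '{print $3}')
    if [ "$owner" = "0" ]; then echo suid-root; else echo "suid-uid$owner"; fi
}

# Clear the setuid bit and confirm it is gone; non-zero exit if still set.
drop_suid() {
    f=$1
    chmod u-s "$f" || return 1
    [ ! -u "$f" ]
}

# Report every candidate; with "fix", also clear setuid-root binaries.
# Per the reply above, only do this if local mail is not needed.
audit_sendmail() {
    mode=$1
    for f in $SENDMAIL_CANDIDATES; do
        st=$(suid_status "$f")
        echo "$f: $st"
        if [ "$mode" = "fix" ] && [ "$st" = "suid-root" ]; then
            drop_suid "$f" && echo "$f: setuid bit removed"
        fi
    done
}

# Run as: script audit   (report only)   or   script fix   (as root)
case "${1:-}" in
    audit|fix) audit_sendmail "$1" ;;
esac
```

Re-run the audit after applying OS patches or reinstalling the sendmail package, since a reinstall can restore the original file mode.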


