Hi! > I had assumed that the whole problem with the vixie-cron exploit was > that cron allowed users to invoke sendmail with arbitrary command-line > options *as root*, so dropping SUID status doesn't do any good. > Sendmail doesn't try to protect the root user from themselves. I tried it on several RedHat 4.x 5.x and 6.x boxes and when they ARE running sendmail, a lot alsos did qmail, it worked just fine... Bye, Raymond.
- Root shell vixie cron exploit Michal Zalewski
- Re: Root shell vixie cron exploit Seva Gluschenko
- Re: Root shell vixie cron exploit Michal Zalewski
- Re: Root shell vixie cron exploit Christos Zoulas
- Re: Root shell vixie cron exploit Valentin Nechayev
- Re: Root shell vixie cron exploit John Kennedy
- Re: Root shell vixie cron exploit Peter Wemm
- Raymond Dijkxhoorn
