On 8 Sep 99, at 11:48, Robert Varga wrote:
> On Wed, 8 Sep 1999, Sebastian Andersson wrote:
>
> > On Wed, Sep 08, 1999 at 11:24:45AM +0500, Dmitry Niqiforoff wrote:
> > > Are there any suggestions about how to avoid all the potential
> > > problems?
>
> What is the problem? They run programs with their uid and gid.
> They would not be able to run in.telnetd I think... or am I wrong?

They are able to run it - only they have to bind it to port >1024. If
the user is allowed to upload, he can also upload binaries.

There are generally two solutions:

1. Prevent the user from controlling which programs get run. It usually
   means disabling user changes to .forward, .qmail and similar files for
   delivery (and for other services, unknown to me, also disabling user
   configuration).
2. Hack qmail-local, procmail etc. to run some kind of restricted
   shell instead of /bin/sh (like /bin/smrsh).

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
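
Added example, not part of the original message: a Python audit that supports solution 1 by listing which users' .qmail* and .forward files already contain program deliveries (a line or target beginning with `|`). The function names and the one-directory-per-user layout under a root such as /home are assumptions, and the sample command in the comment is constructed.

```python
import os


def program_deliveries(text, qmail):
    """Return the commands a delivery file hands to the shell.

    qmail=True:  dot-qmail syntax, one instruction per line, '|' in column 1.
    qmail=False: .forward syntax, comma-separated targets, optionally quoted.
    """
    found = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if qmail:
            targets = [line]
        else:
            # Heuristic: a .forward command that itself contains a comma
            # is reported truncated, but it is still reported.
            targets = [t.strip().strip('"') for t in line.split(",")]
        for target in targets:
            if target.startswith("|"):
                found.append(target[1:].strip())
    return found


def audit_homes(root):
    """Map each delivery file directly inside root/<user>/ to its commands."""
    report = {}
    for user in sorted(os.listdir(root)):
        home = os.path.join(root, user)
        if not os.path.isdir(home):
            continue
        for name in sorted(os.listdir(home)):
            is_qmail = name.startswith(".qmail")
            if not (is_qmail or name == ".forward"):
                continue
            path = os.path.join(home, name)
            if not os.path.isfile(path):
                continue
            with open(path, errors="replace") as fh:
                cmds = program_deliveries(fh.read(), qmail=is_qmail)
            if cmds:
                report[path] = cmds
    return report


if __name__ == "__main__":
    # Typical use: review what users already run before locking the files down.
    for path, cmds in audit_homes("/home").items():
        for cmd in cmds:
            print(f"{path}: {cmd}")
```

Files that only forward to addresses or deliver to a mailbox produce no output, so the report is the list of accounts that would be affected by disabling user-controlled program delivery.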