On Thu, Oct 12, 2000 at 05:57:46AM -0000, D. J. Bernstein wrote:
> Peter van Dijk writes:
> > It's a bug, and it's an overflow-like one, but it doesn't seem
> > exploitable just now. Scares the shit out of me nonetheless.
>
> You are confused. The qmail-local program runs with the permissions of
> the user who owns the .qmail file. The treatment of bogus .qmail files
> has no relevance to security.
Hmmm, very good point there. However, would you admit that this is, even
though not security-related, a bug?

Do take note that when I say 'exploitable' I'm using it in a very broad
way - I'd call a buffer overflow in 'nslookup' exploitable (actually, I
did :) even if users can't gain any extra privs with it.

Hmm, what about the case where people have ftp access with the added
'bonus' that their .qmail files get a +x, or any other legitimate way of
editing .qmail files with a +x? I know of at least one free-hosting
company that does so. What if it turns out that they can use this bug to
make qmail-local execute arbitrary code?
Greetz, Peter
--
dataloss networks
'/ignore-ance is bliss' - me