> ...which is why .qmail commands are executed as the user,
> instead of as root or as one of the qmail users. Assuming
> you don't have any other local holes, the worst that user
> can do is machine gun himself in the foot, and he
> doesn't need qmail to do that!
...you should always assume you have local holes. Even if you
don't, allowing random remote people to get commands executed as local users
is a problem - how about '/bin/mail [EMAIL PROTECTED] < /etc/passwd'? Even
if there's a shadow file, that'll list usernames to guess passwords on.
But, more to the point, check out
http://cr.yp.to/qmail/guarantee.html:
"Of course, ``security hole in qmail'' does not include problems outside of
qmail: for example, NFS security problems, TCP/IP security problems, DNS
security problems, bugs in scripts run from .forward files, and operating
system bugs generally. It's silly to blame a problem on qmail if the system
was already vulnerable before qmail was installed! I also specifically
disallowed denial-of-service attacks: they are present in every MTA, widely
documented, and very hard to fix without a massive overhaul of several major
protocols. (UNIX does offer some tools to prevent local denial-of-service
attacks; see my resource exhaustion page for more information.)"
--
gowen -- Greg Owen -- [EMAIL PROTECTED]
SoftLock.com is now DigitalGoods!
