[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: How did they do this - Thank You Guys
- Subject: Re: [cobalt-security] Re: How did they do this - Thank You Guys
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 10 Sep 2001 19:03:23 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
> John, checked the sendmail.ct and nothing in it see below...
Ah, I'm afraid I was a little out of date on this one. Let me quote a
little of the Bat book[1]
"Prior to V8 sendmail, if a user who was not trusted attempted to use the
-f switch, that attempt was silently ignored (silently disallowed).
Beginning with V8.7 sendmail, if a user who is not trusted attempts to use
the -f switch, that attempt may produce an X-Authentication-Warning"
It would appear that the definition of a 'trusted user' got changed
somewhere along the way! I've had a quick look and there doesn't seem to
be any option for disabling -f for your users.
Cheers,
John
[1] O'Reilly's excellent 'Sendmail'