[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Re: How did they do this - Thank You Guys

Subject: Re: [cobalt-security] Re: How did they do this - Thank You Guys
From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 10 Sep 2001 19:03:23 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

> John, checked the sendmail.ct and nothing in it see below...

Ah, I'm afraid I was a little out of date on this one.  Let me quote a
little of the Bat book[1]

"Prior to V8 sendmail, if a user who was not trusted attempted to use the
-f switch, that attempt was silently ignored (silently disallowed).
Beginning with V8.7 sendmail, if a user who is not trusted attempts to use
the -f switch, that attempt may produce an X-Authentication-Warning"

It would appear that the definition of a 'trusted user' got changed
somewhere along the way!  I've had a quick look and there doesn't seem to
be any option for disabling -f for your users.

Cheers,

John

[1] O'Reilly's excellent 'Sendmail'

References:
- [cobalt-security] Re: How did they do this - Thank You Guys
  - From: Render-Vue

Prev by Date: Re: [cobalt-security] Chkrootkit Report Warning
Next by Date: Re: [cobalt-security] about cd .. command can change home directory up to root server
Previous by thread: [cobalt-security] Re: How did they do this - Thank You Guys
Next by thread: [cobalt-security] about cd .. command can change home directory up to root server

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index