Re: possible open relay hole in qmail-smtpd-auth patch

From: Jonathan de Boyne Pollard (J.deBoynePollard_at_tesco.net)
Date: 07/16/03

    To: bugtraq@securityfocus.com
    Date: Wed, 16 Jul 2003 02:09:14 +0100
    
    

    JS> I have written a revision to the qmail-smtpd-auth patch
    JS> which compensates for this common error by not supporting
    JS> the AUTH command unless all three command line arguments
    JS> are present.

    You've no guarantee that 3 is the correct number. An administrator might
    decide to use

            qmail-smtpd domain checkpassword /bin/echo Hello there.

    rather than

            qmail-smtpd domain checkpassword /bin/true

    for example, just for the heck of it.

    If you are about to assert that "The number of arguments is always going to be
    exactly 3 because 'checkpassword' is always going to be given just the one
    argument, '/bin/true'.", then I suggest that you consider taking that fact
    into account in the design of your modified patch, and eliminate the scope for
    variation in something that you are asserting is in fact intended to be
    constant.

