Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!ncar!tank!nic.MR.NET!hal!ncoast!allbery
From: allbery@ncoast.UUCP (Brandon S. Allbery)
Newsgroups: comp.unix.wizards
Subject: Re: Predictable
Message-ID: <13194@ncoast.UUCP>
Date: 1 Dec 88 00:15:35 GMT
References: <17464@adm.BRL.MIL> <120@minya.UUCP> <13170@ncoast.UUCP> <4271@encore.UUCP>
Reply-To: allbery@ncoast.UUCP (Brandon S. Allbery)
Followup-To: comp.unix.wizards
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 41
As quoted from <4271@encore.UUCP> by bzs@encore.com (Barry Shein):
+---------------
| From: allbery@ncoast.UUCP (Brandon S. Allbery)
| >...But the network entry point to sendmail is
| >via a particular Internet port; while a random user cannot alter the shell
| >for another user in /etc/password and cannot replace /usr/lib/uucp/uucico
| >with another program (or so we hope), if the SMTP port weren't root-only
| >*any* user could arrange for their own program to listen on the SMTP port
| >and wreak all kinds of havoc on other systems. Or at minimum could read
| >anyone's incoming net mail. Fun, eh?
|
| In the first place that's one big *IF* (*IF* the SMTP port weren't
| root-only...) If a user can bypass root security on the system why is
| your main concern that they might intercept someone's incoming mail?
| Of course they can, they can just 'cat /usr/spool/mail/yournamehere'
| and delete what they want etc, why bother with the SMTP port?
+---------------
The question was why the SMTP port *was* root-only.
+---------------
| And what kind of havoc exactly can someone wreak on other systems by
| listening for incoming mail connections? I mean something peculiar to
| this ability and, what the hell, something they can't do otherwise via
| root permissions since that's a pre-requisite.
+---------------
Sorry. Dumb mistake. It didn't occur to me until a few days ago, in
conjunction with a *different* network protocol, that there was no reason
for SMTP commands to be bidirectional. (I.e. the fact that you can transmit
SMTP *commands* to a program listening on port 25 doesn't mean that the
receiving program can then transmit another SMTP command [e.g. DEBUG]
*back*.)
++Brandon
--
Brandon S. Allbery, comp.sources.misc moderator and one admin of ncoast PA UN*X
uunet!hal.cwru.edu!ncoast!allbery ncoast!allbery@hal.cwru.edu
allberyb@skybridge.sdi.cwru.edu allbery@uunet.uu.net
comp.sources.misc is moving off ncoast -- please do NOT send submissions direct
Send comp.sources.misc submissions to comp-sources-misc@.