Gene Spafford wrote:
>
> Old bugs never quite seem to die.... If the problem is in a recent
> version of AIX I think it would be very interesting to find how & why
> it got there.
>
The sendmail bug in AIX 4 does not allow any "ordinary" user
to use the "-C" flag, only root or members of the administrative
group "system" (gid=0).
Note that even though the AIX sendmail is setgid to the system group,
it does NOT allow normal users to read any file on the system.
IBM will be issuing the following APARs to deny the "-C" flag to
group system as well:
AIX 4.1: IX70238
AIX 4.2: IX70239
--
+---------------- Opinions are my own -------------------+
|Troy Bollinger | 92CBR600F2|
|AIX Security Development | troy@austin.ibm.com|
+----------------------------------------------------------+