Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How is sendmail broken this time



If I am not mistaken, that is the "Linux Capabilites" bug
running suid root. You have 2 choices, upgrade sendmail or your kernel.
Please see this page:
http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt

please note this:
Sendmail 8.10.2 has added a check to see if the kernel has this bug, and
if so will refuse to run.  This version also does more detailed checks on
certain system calls, notably setuid(2), to detect other possible attacks.
Although there are no known attacks, this version is strongly recommended, 
whether or not you have a vulnerable kernel.

 -Good luck


Kris Loranger
Network Systems Engineer
Belenosinc.com
kris at kancer.978.org
IRC:efnet, #978 AIM:KancerKris
Run Linux, keep the net free!

On Wed, 21 Jun 2000, John Chambers wrote:

> 
> This is on a newly-installed Mandrake 7.0 linux:
> 
> 	: Mail -v jc at localhost
> 	Subject: Hi again.
> 
> 	Hi there.
> 	Cc: 
> 	send-mail: warning: sendmail is set-uid root, or is run from a set-uid root process
> 	send-mail: open maildrop/4A31ED64A
> 	:
> 
> 
> Any idea what's broken here, and how to fix it?  No mail gets
> delivered.
> 
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org