Programs that use
shared libraries look at this variable to determine which shared library routines they
should use and in what order they should load them. One form of attack against
non-set-user-id programs (suchas some delivery agents) is to modify the LD_
LIBRARY_PATH variable (as in a user??™s ~/.forward file) to introduce Trojan horse
library routines in place of the real system??™s library routines. Certainly, sendmail
should not pass such variables to its delivery agents.
To improve security, early versions of V8 sendmail began deleting variables from its
environment before passing them to its delivery agents. It removed the IFS variable
to protect Bourne shell-script agents and all variables beginning with ???LD_??? to protect
all delivery agents from shared library attacks.
Beginning withV8.7, sendmail now takes the opposite approach. Instead of trying to
second-guess attackers, it constructs the delivery agent environment from scratch. In
this scheme, it defines the AGENT variable as sendmail, and the TZ variable as is
appropriate (see the TimeZoneSpec option, ?§24.9.120 on page 1110). Also, in support
of operating systems that require them, it passes the ISP and SYSTYPE variables from
its own environment to the delivery agent??™s environment.
4.2.1 The E Configuration Command
When sendmail executes (runs) a delivery agent (?§20.
Pages:
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305