Try to find a safe way to satisfy your needs, rather than loosening
sendmail??™s security behavior.
4.6 The aliases File
The aliases file can easily be used to gain privileged (but not root) status if it is
wrongly or carelessly administered. In addition to proper permissions and ownership,
you should be aware of potentially harmful entries that you might have inherited
from the vendor or previous administrators. For example, many vendors used to
ship systems with a decode alias in the aliases file (this practice is becoming less
common):
# you might wish to comment this out for security
decode: |/usr/bin/uudecode
The intention is to provide an easy way for users to transfer binary files using mail.
At the sending site, the user converts the binary to ASCII with uuencode(1), and then
mails the result to the decode alias at the receiving site. That alias pipes the mail message
through the /usr/bin/uudecode program, which converts the ASCII back into the
original binary file.
The uudecode(1) program takes the name of the file to create from the file it is decoding.
That information is in the begin line, used by uudecode. For example, here??™s an
attempt to use uudecode(1) to place a bogus queue file directly into the sendmail
queue:
begin 777 /var/spool/mqueue/qfl0NFMs3g016812
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc.
Pages:
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329