/aliases -bi
This causes sendmail to build ./aliases database files in the current directory. The
attacker then copies those bogus database files over the unprotected system originals.
The sendmail program never detects the change because the database files
appear to be newer than the aliases file.
Note, for best security, that the aliases file and its database files must be owned by
root, and be writable only by root. They must live in a directory, every path component
of which is owned by and writable only by root.
4.7 Forged Mail
Although most users are aware that paper mail can be forged, many are blissfully
unaware that email can also be forged. Forged mail can lead to a serious breach of
security. Two points of vulnerability that require particular attention are the queue
file and the SMTP interface of sendmail.
4.7.1 Forging with the Queue Directory
All versions of sendmail trust the files in the mail queue. They assume that only sendmail
has placed files there. As a consequence, a poorly protected queue directory can
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
4.7 Forged Mail | 171
allow the attacker to create mail that looks 100% authentic. This can be used to send
forged mail, to append to system-critical files, or to run arbitrary programs as root or
other users.
Pages:
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331