[BBLISA] Appreciate the help...
John Stoffel
john at stoffel.org
Thu Jan 24 15:36:24 EST 2008
>>>>> "Daniel" == Daniel Feenberg <feenberg at nber.org> writes:
Heh... I'm going to write about the security here, not about Scott and
how he asks questions. :]
Daniel> Like you, I don't understand why Scott doesn't answer
Daniel> directly, but the rationale seems obvious enough. If Sendmail
Daniel> won't obey a .forward in a group or world writable directory
Daniel> (for fear that a trojan may be executed from that file), why
Daniel> should cron be less careful?
Because sendmail has to parse and handle potentially insecure email
that was sent by someone malicious. So sendmail tries to be good by
refusing to allow unsafe things to happen due to outside interference.
In this case, a world writable directory means that someone could
have sendmail forward all your email to someone else. Not good.
Cron, on the other hand, can only be set up and run by the user
(ignoring root) and cannot be run because a user leaves a world
writable directory around. Cron runs a specific program, not a
generic one.
Daniel> It seems like a reasonable question.
Sure, in context.
Daniel> The security problem that sendmail is addressing comes up only
Daniel> in the presence of a user error, but the same can be said for
Daniel> cron.
It's not the same issue at all.
Daniel> Indeed, by extension perhaps chmod should refuse to make
Daniel> executable such a file, although it would be a nuisance for
Daniel> chmod to do the obverse check (that there were no executable
Daniel> files in a directory about to become world writable).
First off, the executable bit on a directory entry means something
else compared to the executable bit on a file. Second, making a
directory world writable is a more conscious decision here (modulo
that someone has hacked your account, etc...)
Daniel> It isn't something I would be prepared to tell someone else
Daniel> they must or must not do this, but it is perhaps worth
Daniel> thinking about costs and benefits.
Yup, I agree.
John
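Added illustration, not part of the thread and not sendmail's own code: a small Python checker that applies the rule the thread is arguing about to a control file such as ~/.forward. It walks from the outermost directory down to the file and refuses to trust the file if anything on the way is owned by the wrong user or is group/world writable (a sticky world-writable directory like /tmp is tolerated as an ancestor but never as the file's own parent). The rule and the sample entries are my simplification of the sendmail idea; the real sendmail checks are more involved.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class Entry:
    """One filesystem object on the path to the control file."""
    path: str
    mode: int  # st_mode, file-type bits included
    uid: int   # owner


def unsafe_reasons(entries, expected_uid):
    """Judge a control file by the chain of entries leading to it.

    `entries` runs from the outermost directory down to the file itself.
    Simplified rule (an assumption of this example, not sendmail's code):
      * every entry must be owned by `expected_uid` or by root;
      * the file must be a regular file and not group/world writable;
      * no directory may be group/world writable, except that a sticky
        directory (like /tmp) is tolerated as an ancestor, never as the
        file's own parent directory.
    Returns a list of reasons; an empty list means the file can be trusted.
    """
    reasons = []
    last = len(entries) - 1
    for i, e in enumerate(entries):
        if e.uid not in (0, expected_uid):
            reasons.append(f"{e.path}: owned by uid {e.uid}, not {expected_uid} or root")
        writable = bool(e.mode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(e.mode & stat.S_ISVTX)
        if i == last:
            if not stat.S_ISREG(e.mode):
                reasons.append(f"{e.path}: not a regular file")
            if writable:
                reasons.append(f"{e.path}: file is group/world writable")
        else:
            if not stat.S_ISDIR(e.mode):
                reasons.append(f"{e.path}: not a directory")
            is_parent = (i == last - 1)
            if writable and (is_parent or not sticky):
                reasons.append(f"{e.path}: directory is group/world writable")
    return reasons


def entries_for(path, stop_at=None):
    """Build the Entry chain for a real path by stat()ing it and each ancestor.

    With `stop_at` set, the walk starts at that directory instead of the
    filesystem root (used in demo() so the result does not depend on how
    /tmp happens to be set up on the host running this).
    """
    p = Path(path).resolve()
    chain = [p] + list(p.parents)  # file first, then ancestors up to /
    if stop_at is not None:
        chain = chain[:chain.index(Path(stop_at).resolve()) + 1]
    chain.reverse()
    out = []
    for q in chain:
        st = os.lstat(q)
        out.append(Entry(str(q), st.st_mode, st.st_uid))
    return out


# Constructed sample chains (mode values include the file-type bits).
SAMPLE_GOOD = [
    Entry("/", 0o40755, 0),
    Entry("/home", 0o40755, 0),
    Entry("/home/alice", 0o40755, 1000),
    Entry("/home/alice/.forward", 0o100644, 1000),
]
# Same, but the home directory was left world writable: the thread's mistake.
SAMPLE_BAD = [
    Entry("/", 0o40755, 0),
    Entry("/home", 0o40755, 0),
    Entry("/home/alice", 0o40777, 1000),
    Entry("/home/alice/.forward", 0o100644, 1000),
]
# Sticky /tmp as an ancestor is fine as long as the parent dir is private.
SAMPLE_TMP = [
    Entry("/", 0o40755, 0),
    Entry("/tmp", 0o41777, 0),
    Entry("/tmp/alice", 0o40700, 1000),
    Entry("/tmp/alice/.forward", 0o100600, 1000),
]


def demo():
    """Real-filesystem scenario in a scratch directory: a private home
    directory passes, then the same directory made world writable fails.
    Returns (reasons_before, reasons_after)."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        home = Path(d) / "home"
        home.mkdir(0o700)
        fwd = home / ".forward"
        fwd.write_text("someone@example.invalid\n")  # constructed content
        fwd.chmod(0o600)
        before = unsafe_reasons(entries_for(fwd, stop_at=d), me)
        home.chmod(0o777)
        after = unsafe_reasons(entries_for(fwd, stop_at=d), me)
    return before, after


if __name__ == "__main__":
    print("constructed good chain:", unsafe_reasons(SAMPLE_GOOD, 1000))
    print("constructed bad chain: ", unsafe_reasons(SAMPLE_BAD, 1000))
    print("real scratch dir:      ", demo())
```

The point of the ownership check is the one John makes: sendmail processes input from strangers, so a .forward it will act on has to be something only the user (or root) could have put there. Cron's per-user spool is written through crontab and read by cron from a root-owned directory, so the same directory-mode concern does not arise in the same way.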