Re: [LI] root access from old sendmail boxes
On Fri, 21 Jan 2000, thus spake Manoj Victor Mathew:
> > When someone like poor old me stands out yelling about "security holes",
> > then there's a general feeling that I'm crying wolf.
> But what I /meant/ was
> Mr. Suresh's detailed account on the Sendmail bug has enabled me to
^^^^^ Hey, why the sudden formality? Drop the Mr, Mister ;)
> know how that specific bug can give r00t. Thanks Suresh!
You try it out on anything other than a box you control, it's YOUR ass
(besides being highly abusive and illegal - you could be liable to
prosecution in several US states - telnet to hobbiton.org for a warning
against unauthorized access, which mentions one such law)
I recommend that you try it on old unix boxes in your lan - there should
be a few old redhat / slak boxen around, surely - even redhat 5.0 will do.
> I am not a network administrator, and hence have no need to be aware
> of all possible bugs. I read FYIs posted by Raju, but do not bother to
There ~are~ others who do - those who run servers connected 24X7 to the
Net. One of the members of another list I am on has a sigquote which reads
somewhat like
"Being a unix administrator is somewhat like being an assistant at a
biological warfare lab. Only, no bottle is labeled ....." (I'll get you
the full - rather long - quote soon)
> would not have known those 'details', but I still would not have
> searched the net for it. Simply because I have no need for Sendmail
This is meant as a FYI. You don't need them, but if say your college
network gets broken into by a hacker or spammer, you know what to do.
Trace the offender and report him to his ISP - and watch the thanks come
in when you tell a harassed sysad that the guy who screwed his happiness
has been thrown off his ISP (and perhaps fined heavily)
> I have /no/ reasons to not believe Suresh; President, CAUCE India. And I
> do read his posts :-)
I have every reason to believe Manoj Victor Mathew, and I do read his
posts :-)
> 'Believe' was not the right word. I guess need to be more careful from
> now on.
Hey relax - why get all that serious about it? If you ~do~ want to come
over all serious, just do me a favor. If you know a friend has a (24*7
online) server running old *nix, tell him to upgrade.
--
Suresh Ramasubramanian | President, CAUCE India
r.suresh@xxxxxxxxxxxxxxx | suresh@xxxxxxxxxxxxxxx
http://www.india.cauce.org | Stopping Spam In India
--
A modem is a baudy house.
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available. Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.