The Aliases File
The
aliases file can easily be used to gain
privileged (but not root) status if it is
wrongly or carelessly administered. In addition to proper permissions
and ownership you should be aware of potentially harmful entries that
you might have inherited from the vendor or previous administrators.
For example, many vendors used to ship systems with a
decode
alias in the aliases
file (this practice is becoming less common):
# you might wish to comment this out for security decode: |/usr/bin/uudecode
The intention is to provide an easy
way for users to transfer binary files using mail. At the sending
site the user converts the binary to ASCII with
uuencode(1), then mails the result to the
decode
alias at the receiving site. That alias
pipes the mail message through the
/usr/bin/uudecode program, which converts the
ASCII back into the original binary file.
The uudecode(1) program takes the name of the
file to create from the file it is decoding. That information is in
the begin
line, used by
uudecode. For example, here’s
an attempt to use uudecode(1) to place a bogus
queue file directly into the sendmail queue:
begin 777 /var/spool/mqueue/qfAA12345
Here, the begin
tells
uudecode to begin conversion. The
777
is the permissions to give to the file that
will be created. That is followed by the full pathname of the file.
If the queue directory were wrongly owned by
daemon, any outsider could create a bogus queued
message at your site.
Some versions of uudecode (such as the one ...
Get Sendmail, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.