Originally Published: Thursday, 4 November 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

sendmail 8.x.x allows user to rebuild aliases database

Sendmail up to recent 8.9.x versions - any user may pass -bi parameter to /usr/sbin/sendmail. This will result in aliases database rebuild. IMHO there's no reason to allow such things, but no matter - something rather stupid is done during rebuild: ...