Hi Sunners,
The unanimous consensus is that this is
a recognized security issue and the only
solution is to be careful when executing
these attachments. Execute onlu those
which come from a trusted source.
The following suggestion was made by Casper
Dik:
It's a recognized security issue; the only way around this is
fireing up binder and changing the action for all such programs
from "$FILE" to something other (like textedit $FILE)
but that also affects filemgr's ability to execute the files.
----------------
DBell@mobile.bam.com came up with the following hint:
As far as I know, there is no way to "prevent" this problem. You really need to simply avoid executing random code that people send you. I'd suggest you carefully examine any enclosure (examine the code if it's a script, use strings if it's a binary) before you even consider allowing it to run on your machine. Of course, if an enclosure is a binary file, that seriously limits how much you can discover about its purpose.
-----------------
Thanks to the following for their responses:
Stephen Harris <sweh@mpn.com>
Casper Dik <casper@holland.Sun.COM>
"Boyko, Steve" <SBoyko@nbpower.com>
"Ian Wallace" <iwallace@bcoe.bm>
DBell@mobile.bam.com
Bruce Bowler <bbowler@bigelow.org>
Tim Carlson <tim@santafe.edu>
Daniel Stringfield <dstringf@fccjmail.fccj.cc.fl.us>
Rich Pieri <rich.pieri@prescienttech.com>
Jochen Bern <bern@penthesilea.uni-trier.de>
Gianluca Rotoni <gianluca@tell.ascom.ch>
thadm@oregonian.com (Thad MacMillan)
foster@bial1.ucsd.edu
Jonathan.Loh@BankAmerica.com
Jamie Lawrence <jal@ThirdAge.com>
"Steve Phelps" <phelpss@ozemail.com.au>
------------------
Original Question:
Hi Sun-managers,
Recently I got an email with an executable
as an attachment. I double clicked on it
and it executed to open a window on another
host (on the same network segment). But this
window was opened with my id !!!. This exec. was in C,
probably a statement like
"system ('setenv DISPLAY rhost; /usr/openwin/bin/cmdtool')".
I am wondering that if I send a script which has
"rm -rf *" command, will it remove all files of the
user who receives this email? If yes, then this is
a serious security issue. How do i stop this ???
BTW, we are using Solaris 2.5.1, sendmail V8.8.1 and
mailtool V3.5.1. Please enlighten me on this.
Will summarize.
Regards,
Pravin
prchavan@pcsbom.patni.com
Thanks
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:44 CDT