December 2002
Intermediate to advanced
1232 pages
56h 38m
English
Content preview from Sendmail, 3rd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
The Aliases File
The
aliases file can easily be used to gain
privileged (but not root) status if it is
wrongly or carelessly administered. In addition to proper permissions
and ownership you should be aware of potentially harmful entries that
you might have inherited from the vendor or previous administrators.
For example, many vendors used to ship systems with a
decode alias in the aliases
file (this practice is becoming less common):
# you might wish to comment this out for security decode: |/usr/bin/uudecode
The intention is to provide an easy
way for users to transfer binary files using mail. At the sending
site the user converts the binary to ASCII with
uuencode(1), then mails the result to the
decode alias at the receiving site. That alias
pipes the mail message through the
/usr/bin/uudecode program, which converts the
ASCII back into the original binary file.
The uudecode(1) program takes the name of the
file to create from the file it is decoding. That information is in
the begin line, used by
uudecode. For example, here’s
an attempt to use uudecode(1) to place a bogus
queue file directly into the sendmail queue:
begin 777 /var/spool/mqueue/qfAA12345
Here, the begin tells
uudecode to begin conversion. The
777 is the permissions to give to the file that
will be created. That is followed by the full pathname of the file.
If the queue directory were wrongly owned by
daemon, any outsider could create a bogus queued
message at your site.
Some versions of uudecode (such as the one ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.