From koos@pizza.hvu.nl Mon May 13 21:46:20 1996
Received: from pizza.hvu.nl (koos@Pizza.hvu.nl [145.89.234.2]) by suburbia.net (8.7.4/Proff-950810) with SMTP id VAA11283 for ; Mon, 13 May 1996 21:45:53 +1000
Received: by pizza.hvu.nl (SMI-8.6/KH19960412) id NAA12290; Mon, 13 May 1996 13:45:10 +0200
From: koos@pizza.hvu.nl (Koos van den Hout _U nix and we all_)
Message-Id: <199605131145.NAA12290@pizza.hvu.nl>
Subject: Re: students breaking into network through pmail
To: best-of-security@suburbia.net
Date: Mon, 13 May 1996 13:45:09 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL25]
Content-Type: text

--- From a local source ---

Date: Fri, 10 May 1996 01:47:39 -0500
From: "MICHAEL D. SETZER II"
Subject: Re: students breaking into network through pmail

I would recommend creating a rules.pmq file in all users' mail
directories to prevent this. Even if a user doesn't have supervisor
rights, you could have the program do a number of things. If nothing
else, they could have the user delete all the mail files.

The easiest way that I could think of doing this would be to create a
rules.pmq file and then copy it into each user's mail directory. This
could be done by creating a dummy rules.pmq file and using a program
like pcmag's sweep program.

F:\MAIL>sweep if not exist rules.pmq copy \mail\1\rules.pmq

I don't know if creating a zero byte rules.pmq would work with Pegasus.
It might not like a zero byte file, and you can copy a zero byte file.

Perhaps it would be best to have Pegasus mail create an empty rules file
if one doesn't exist to prevent this. That would be the easiest thing to
totally solve the problem.

On 10 May 96 at 15:47, Jon White wrote:

> I have recently caught a student using the following procedure
>
> create a rules.pmq in their own account that sets up a rule to execute
> a program on receipt of any mail. The program run line is
>
> COMMAND /C H:\MAIL\target users mail dir\gotya.bat
>
> they then copy this rules.pmq into a user's mail directory (ONLY WORKS IF
> USER DOES NOT HAVE A RULES.PMQ ALREADY) they then create a gotya.bat in
> the target user's mail directory to do anything they want.
>
> I tested and was able, using the guest account which has C rights in the
> mail dir, to copy John Baird's (JRB UTILS) SETEQUIV into a supervisor
> equiv's mail directory plus a batch file that when run would change
> guest to be a supervisor equivalent. Copied a rules.pmq to run this
> batch file. Then delete all related files.
>
> When the super equiv read their mail (as I watched!) the screen went
> black as the rules were processed and then carried on. No indication of
> what had been done to the super user but guest had super rights.
>
> Has anyone else tried this or seen this? The only way to stop this was
> to copy an empty RULES.PMQ into each user's mail dir.
>

+----------------------------------------------------------+
| Michael D. Setzer II - Computer Science Instructor       |
| Guam Community College Computer Center @GCCcc.Guam.Net   |
| MICHAEL@GCCcc.Guam.Net or MSETZERII@cup.portal.com       |
| UnixWare Email: michael@linette.guam.net (OFF-LINE)      |
| Phone: 011-671-735-5619                                  |
| Fax: 011-671-734-8330                                    |
| Guam - Where America's Day Begins                        |
+----------------------------------------------------------+

--- End excerpt ---

--
Koos van den Hout, Internetter, Unix freak, ISFJ and BBS SysOp at large
koos@kzdoos.xs4all.nl (Home) BBS Koos z'n Doos (+31-30-6036637 28k8)
koos@pizza.hvu.nl (Work) <-- finger -l for PGPkey (+31-30-6056619 14k4)
http://www.hvu.nl/~koos (WWW) Looking for a license plate with "RFC 822"
Quando Omni Flunkis Moritati (If all else fails - play dead) KH106-RIPE
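
Added example, not part of the original messages and not code from Pegasus Mail or either poster: an audit of a mail root that lists user mail directories with no rules.pmq (the condition both messages describe as exposed), flags zero-byte rules files (which the reply is unsure Pegasus accepts), reports program files sitting in mail directories, and seeds a template rules file without overwriting. The function names, the extension list, the template content and the sample tree are assumptions constructed for the illustration.

```python
import shutil
import tempfile
from pathlib import Path

RULES_NAME = "rules.pmq"             # file name taken from the thread
RUNNABLE = {".bat", ".com", ".exe"}  # assumption: program types a rule could launch

def audit_mail_root(mail_root):
    """Report exposed or suspicious user mail directories under mail_root."""
    findings = {"missing": [], "zero_byte": [], "programs": []}
    for user_dir in sorted(p for p in Path(mail_root).iterdir() if p.is_dir()):
        # DOS/NetWare names are case-insensitive, so compare lower-cased names.
        files = {f.name.lower(): f for f in user_dir.iterdir() if f.is_file()}
        rules = files.get(RULES_NAME)
        if rules is None:
            findings["missing"].append(user_dir.name)    # a rules file can be planted here
        elif rules.stat().st_size == 0:
            findings["zero_byte"].append(user_dir.name)  # may not be honoured, per the reply
        findings["programs"] += sorted(
            f"{user_dir.name}/{f.name}" for n, f in files.items()
            if Path(n).suffix in RUNNABLE)
    return findings

def seed_rules(mail_root, template, missing):
    """Copy the template rules file into each listed directory; never overwrite."""
    seeded = []
    for name in missing:
        target = Path(mail_root) / name / RULES_NAME
        if not target.exists():
            shutil.copyfile(template, target)
            seeded.append(name)
    return seeded

def demo():
    """Run the audit on a constructed sample tree (not real mail data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "MAIL"
        for d in ("1", "2", "3"):
            (root / d).mkdir(parents=True)
        template = Path(tmp) / "template.pmq"
        template.write_bytes(b"placeholder")   # stands in for a rules file saved by Pegasus
        (root / "1" / "RULES.PMQ").write_bytes(b"placeholder")
        (root / "2" / "gotya.bat").write_text("rem constructed sample\n")
        (root / "3" / "rules.pmq").write_bytes(b"")
        before = audit_mail_root(root)
        seeded = seed_rules(root, template, before["missing"])
        return before, seeded, audit_mail_root(root)

if __name__ == "__main__":
    print(demo())
```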