1994-11-21 - Re: remailer security, sendmail

Header Data

From: “L. McCarthy” <lmccarth@ducie.cs.umass.edu>
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 028cf7796048465bce40042624dd96e4f4878402444576441c616b407a4ae484
Message ID: <199411210143.UAA13516@ducie.cs.umass.edu>
Reply To: <9411210020.AA06110@tucson.Princeton.EDU>
UTC Datetime: 1994-11-21 01:43:03 UTC
Raw Date: Sun, 20 Nov 94 17:43:03 PST

Raw message

From: "L. McCarthy" <lmccarth@ducie.cs.umass.edu>
Date: Sun, 20 Nov 94 17:43:03 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: remailer security, sendmail
In-Reply-To: <9411210020.AA06110@tucson.Princeton.EDU>
Message-ID: <199411210143.UAA13516@ducie.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

David Wagner writes:
> I just read an interesting post on alt.hackers.  Apparently you
> can figure out who's sending mail to who by repeatedly running
> the command /usr/lib/sendmail -bp.  I just tested this out and
> it *seems* to work, as does running /usr/ucb/mailq repeatedly.
> How's that for an obscure feature?

Well, since it's in the first couple of man pages for sendmail, it's not very
obscure :]  I would have expected better material from alt.hackers....

> Does anyone run a remailer on a multi-user machine where sendmail
> is used?

Yes; we had some discussion about this here a few weeks ago.  I, for one, am
doing just that.

> Is this sendmail feature a problem?  If so, how would
> one fix it? (write a wrapper for sendmail? but that requires root
> access *sigh*)  Am I missing something?

As I understand sendmail, it only sticks outgoing messages in the queue if 
you tell it to do so. Otherwise they can be sent pre-emptively or in the
background. This can be specified on the command line:

     dx             Set the delivery mode to x. Delivery modes are `i' for
                    interactive (synchronous) delivery, `b' for background
                    (asynchronous) delivery, and `q' for queue only - that
                    is, actual delivery is done the next time the queue is
                    run.

In any case, this doesn't provide any information about incoming mail.

Besides, with ps -aux you get to see all the invocations of sendmail, and
the invocations of pgp, and so on. I'd worry more about that than about the
sendmail queue. Convincing sysadmins that they should somehow disable the -a
option on ps doesn't sound like an easy task to me.

All this ultimately argues for placing terminal remailers on private machines,
which I think we've agreed is a Good Thing.

     -L. Futplex McCarthy; use "Subject: remailer-help" for an autoreply
PGP key by finger or server; "Better watch what you say, or they'll be calling
you a radical...a liberal" --Supertramp  "[CIA/KGB mole Aldrich Ames] took 
information in shopping bags out the front door" --miscellaneous Congressperson

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLs/6/2f7YYibNzjpAQFU2wP/Vq3k6/S8S34cdd0DCcH17yYBIfe1hP5K
nX//G/OE3b1yJe7k7uql8aKOyf8xMqd5o3UQY/o0qL7Kl+rHiMP6GEd+QUZunHkF
AyrjqS9nrgfls9klmXWVO3tjxllBW6ZZXuhQti4h0dMU+Kj6mu9Wva+zLPqyoSIP
lDpPV6t1FkE=
=H70i
-----END PGP SIGNATURE-----




Thread