As a general rule, programs should never trust their environment. Such trust can lead to exploitation that has grave security consequences. To illustrate, consider the often misused SunOS LD_LIBRARY_PATH environment variable. Programs that use shared libraries look at this variable to determine which shared library routines they should use and in what order they should load them. One form of attack against non- suid programs (such as some delivery agents) is to modify the LD_LIBRARY_PATH variable (as in a user's ~/.forward file) to introduce Trojan horse library routines in place of the real system's library routines. Certainly, sendmail should not pass such variables to its delivery agents.
To improve security, V8
began deleting variables from
its environment before passing them to its delivery agents. It removed the
IFS variable to protect Bourne shell-script agents and all variables
beginning with "LD
Beginning with V8.7,
now takes the opposite approach. Instead
of trying to second-guess attackers, it instead constructs
the delivery agent environment from scratch. In this scheme it
defines the AGENT variable as
executes (runs) a delivery agent (see
Section 30.6.2, "The Child"
it passes to that delivery agent an environment that includes only the
items described above.
Some delivery agents, however, may require additional environmental variables
to function properly. For those special cases,
Whether or not the
For DG/UX under V8.7 sendmail you will need to declare
in your configuration file to enable /bin/mail to work properly. Beginning with V8.8 sendmail , this is already done in cf/ostype/dgux.m4 .