Decode mail alias

Summary

A mail alias that runs the uudecode command on the mail sent to it.

Impact

This alias can be used to overwrite files on the system.

The problem

Since the mail system normally runs as superuser, this alias can be used to open holes for a system cracker. The system cracker could overwrite important system files (such as /etc/hosts.equiv) or user files (such as $HOME/.rhosts).

Fix

Comment out or delete the decode alias from /etc/aliases (or /usr/lib/aliases) and run the newaliases program to incorporate the change.

Other tips

See the Admin Guide to Cracking for an example of why this is a problem.