COMMAND

    sendmail (IBM)

SYSTEMS AFFECTED

    AIX 4.x

PROBLEM

    Klaus Kusche posted a hint that produces "interesting" output.
    Hint is:

        /usr/lib/sendmail -C <any-file-you-want-to-read>

    This  was  tested  on  AIX  4.1.5  (as  an  ordinary  user!)  with
    "/etc/security/passwd",  and  it  indeed  displayed all the shadow
    passwords.  The only trick is that you have to be member of system
    group.

SOLUTION

    It turns out that there was  a problem -- of sorts --  in sendmail
    prior  to  8.8.7,  on  some  architectures.  Basically, on kernels
    with  group  sets,   where  groupset[0]  is   not  equivalent   to
    getegid(), and if  sendmail has the  setgid bit set,  this problem
    can  occur.   In  general,  BSD-based  systems  do  NOT  have  the
    problem, but  System V-based  systems DO.   Linux apparently  uses
    System V semantics.   However, this was  known as problem  with an
    old sendmail and it was fixed  in version 4.31 on August 5,  1984.
    Pretty shocking  if anyone  is still  running a  version that old.

    Since sounds  impossible to  have such  a old  mail, it  is rather
    problem  that  you  have  system  group  priviledge.   IBM will be
    issuing the following APARs to deny the "-C" flag to group  system
    as well:

        AIX 4.1:  IX70238
        AIX 4.2:  IX70239