SUMMARY: mailx doing strange things on a 2.5.1 machine

From: Christopher L. Barnard <>
Date: Thu Aug 09 2001 - 16:58:21 EDT
I asked:

> This is a wierd one, so I am putting this out to see if anyone else has
> any ideas.
> This is a Solaris 2.5.1 machine.  We have a monitoring script that mails
> root when a certain string is found in /var/adm/messages.  The program that
> mails root is /usr/ucb/mail, which is a symlink to /usr/bin/mailx.
> The mail message sets the subject with the -s flag, but has no body.  So
> it should be a null message.  However, with the manually set Subject line
> (which has the info that we need) it is also including in the body of the
> message the contents of what appears to be the console, which includes
> passwords from people logging in!
> Since this is an old machine, I do not have a 2.5.1 version of perl so I
> cannot run to see if the patches are up to date.
> My guess is that this is a bug with mailx on a 2.5.1 machine, but I am not
> sure.  Has anyone else seen this sort of problem?

The answer:

While no one has seen the exact problem I have, several people responded back
and offered suggestions.  Thank you.

Since my tripwire database explicitly lists /usr/bin/mailx, and the binary is
the same size and has the same checksum on the few 2.5.1 boxes I still have, I
do not think I have been broken into.  Several people responded that
can be told to use a separate showrev -p, pkginfo -l, uname, etc., so I was
able to check its installed packages on another machine.  (There is no mailx
patch for 2.5.1, btw)  I ended up explicitly specifying a body to the message,
and I will see if that works.  Several people mentioned specifying a body to
the message; either /dev/null or some nonsense text.  I will now wait a while
and see if the problem occurs again.

Thanks to:

Andy Bach <>
"Sylvain" <>
"Pat Winn" <>
Chaos Golubitsky <>
John D Groenveld <>
"Dave Landsiedel" <>
Mark McManus <>

| Christopher L. Barnard         O     When I was a boy I was told that |
|         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
|                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
Received on Thu Aug 9 21:58:21 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:25:01 EDT