Date: Wed, 3 Nov 1999 23:35:06 +0100 From: Ollivier Robert <roberto@keltia.freenix.fr> To: freebsd-security@freebsd.org Subject: Re: Sendmail options, what's more secure? Message-ID: <19991103233506.A8793@keltia.freenix.fr> In-Reply-To: <3820051F.B2BAAF89@sevenone.com> References: <3820051F.B2BAAF89@sevenone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
According to matt baker: > Given this setup, I was wondering about the merits of either: > > 1. Using the RunAsUser option, setting the mqueue directory to be owned > by this user, and also setting /etc/mail/aliases and similar files to be > also owned by this user or group writable. It's this later part that > I'm not keen on. > > 2. Running sendmail as root, but chrooted to a certain area using the > SafeFileEnvironment option. Does this mean I have to place the mqueue > and other config files in this area also? As you're not running with local users and you don't submit mail from the machine itself, you probably don't care either way. The main problem is still the big setuid-root binary. The best option is to install Postfix. No setuid, no setgid, chroot possible for programs, gast and easy to maintain. <http://www.postfix.org/>; -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #75: Tue Nov 2 21:03:12 CET 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991103233506.A8793>