From owner-freebsd-security Sun Nov 17 20:55:03 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA09776 for security-outgoing; Sun, 17 Nov 1996 20:55:03 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id UAA09764 for ; Sun, 17 Nov 1996 20:54:51 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vPLig-0003lG-00; Sun, 17 Nov 1996 21:54:06 -0700
To: newton@communica.com.au (Mark Newton)
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: msmith@atrad.adelaide.edu.au (Michael Smith), batie@agora.rdrop.com, adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 18 Nov 1996 15:05:38 +1030." <9611180435.AA17191@communica.com.au>
References: <9611180435.AA17191@communica.com.au>
Date: Sun, 17 Nov 1996 21:54:06 -0700
From: Warner Losh
Message-Id:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <9611180435.AA17191@communica.com.au> Mark Newton writes:
: That's a wonderful point: The only reason sendmail needs root to bind to
: port 25 as a daemon is because of the rather UNIX-centric view that TCP/IP
: ports less than 1024 can only be allocated by a privileged user. TCP/IP
: implementations on non-UNIX platforms disagree violently with this
: assumption, which makes the value of this "security" feature rather dubious.
:
: It would be foolish of me to argue to have it changed, though :-)

Since sendmail closes port 25 when the load average is high, it would be a bad idea to allow just anybody to bind to port 25 in this case. Just a few forks, wait for the load average to get high, then grab the port.... :-) The binding to ports < 1024 on the local system being restricted to non-normal users is a good thing.

Sadly, on Unix you can't do much better than having it be root, since most Unix systems aren't designed to have fine-grained system privs. It is hard to design a foolproof mail system, because the fools out there are so ingenious....

Warner
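The bind-then-drop pattern that Unix daemons later settled on for exactly this problem, as an added example (not code from this thread or from sendmail): it encodes the reserved-port rule Mark and Warner discuss, reports why a bind failed, and sheds root once the socket is held. It assumes a POSIX host and that the operator chooses the unprivileged uid/gid to drop to; current_identity(), try_bind() and bind_then_drop() are names chosen here.

```python
import errno
import os
import socket

# The Unix convention the thread discusses: ports below 1024 are reserved,
# and only a process with effective uid 0 may bind them. (Modern Linux also
# honours CAP_NET_BIND_SERVICE and the ip_unprivileged_port_start sysctl.)
PRIVILEGED_PORT_MAX = 1023


def is_privileged_port(port):
    """True if the reserved-port rule applies to this TCP/UDP port."""
    return 0 < port <= PRIVILEGED_PORT_MAX


def try_bind(port, host="127.0.0.1"):
    """Bind a TCP socket: ("OK", sock) on success, else (errno name, None),
    e.g. EACCES for an unprivileged caller on a reserved port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return "OK", sock
    except OSError as exc:
        sock.close()
        return errno.errorcode.get(exc.errno, str(exc.errno)), None


def current_identity():
    """(uid, gid) of this process, for passing to drop_privileges."""
    return os.getuid(), os.getgid()


def drop_privileges(uid, gid):
    """Shed root once the reserved port is held. An unprivileged caller may
    re-set its own uid/gid, so this is safe either way. Returns (uid, gid)."""
    if os.getuid() == 0:
        os.setgroups([])  # supplementary groups would otherwise survive
    os.setgid(gid)
    os.setuid(uid)
    return os.getuid(), os.getgid()


def bind_then_drop(port, uid, gid):
    """Bind while privileged, then drop: the socket stays usable, so the
    SMTP parsing code never has to run as root merely to own port 25."""
    status, sock = try_bind(port)
    if status != "OK":
        return status, None, None
    return "OK", sock, drop_privileges(uid, gid)
```

Run as a normal user, try_bind(25) returns "EACCES"; run as root it binds, and bind_then_drop(25, uid, gid) hands back a live socket owned by a process that is no longer root.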