Date: Thu, 3 Dec 1998 12:55:19 -0800 (PST)
From: dima@best.net (Dima Ruban)
To: robert+freebsd@cyrus.watson.org
Cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: mail.local
Message-ID: <199812032055.MAA07083@burka.rdy.com>
In-Reply-To: <Pine.BSF.3.96.981203123334.12137A-100000@fledge.watson.org> from Robert Watson at "Dec 3, 1998 12:36:36 pm"

Robert Watson writes:
> On Thu, 3 Dec 1998, Bill Woodford wrote:
>
> > | Could somebody remind me of outcome of removing suid bit from mail.local
> > | discussion?
> >
> > Hmmm, if you remove it, I believe local mail delivery will cease due to
> > permission problems.
>
> That is my memory of the conclusions, at least when sendmail is not
> executing mail.local. If sendmail is executing it (and sendmail is
> running as root) then I think it does behave correctly, at least when
> sendmail is running as a daemon. I'm not sure if it behaves correctly
> when sendmail is running setuid from a normal user account as invoked by,
> say, pine. My feeling is more and more that we should be using protocols

Yeah, it works all right. We've had this change for about 3-4 months (I think)
here and there are no problems.

> such as IMAP for mail access rather than try to fit everything into the
> context of file system permissions, as that requires us to come up with
> warped program behavior (such as making more things setuid than actually
> need to be :). It might be interesting to rewrite an imap daemon to use
> UNIX daemon sockets and ephemeral credential information to authenticate
> the user, and similarly have a local SMTP-style domain socket also using
> ephemeral data for authentication. BSD (and other Unices also) provide us
> with a lot of tools to make life easier than we actually take advantage of
> :).

Well, it's a totally different discussion.
Let's concentrate on problems one at a time :-)

>
> Robert N Watson
>
> robert@fledge.watson.org              http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University            http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.  http://www.tis.com/
> SafePort Network Services             http://www.safeport.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-- dima