From owner-freebsd-security Tue Dec 10 12:26:47 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id MAA27077 for security-outgoing; Tue, 10 Dec 1996 12:26:47 -0800 (PST)
Received: from itchy.atlas.com ([206.29.170.239]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id MAA27070 for ; Tue, 10 Dec 1996 12:26:44 -0800 (PST)
Received: (from brantk@localhost) by itchy.atlas.com (8.8.0/8.8.0) id MAA14200; Tue, 10 Dec 1996 12:27:53 -0800 (PST)
Message-Id: <199612102027.MAA14200@itchy.atlas.com>
Subject: Re: Running sendmail non-suid
To: marcs@znep.com (Marc Slemko)
Date: Tue, 10 Dec 1996 12:27:53 -0800 (PST)
Cc: cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org
Reply-To: bmk@pobox.com
In-Reply-To: from Marc Slemko at "Dec 9, 96 05:48:30 pm"
From: "Brant Katkansky"
Reply-To: bmk@pobox.com
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> On Mon, 9 Dec 1996, Cy Schubert - ITSD Open Systems Group wrote:
>
> > > [running sendmail not suid-root]
> > > Has anyone actually done this? Any advice or gotchas to look out for?
> > > Am I insane for wanting to do this?
>
> You are very sane to want to do this. Everyone else is insane. And I'm
> serious about that. Someone should put together a document on making
> sendmail run as a non-root uid. Another thing I'm thinking of playing
> with sometime.
>
> If you want something smap like, without the licensing restrictions, you
> could look at smtpd from ftp://ftp.obtuse.com/pub/smtpd.

I'll take a look at this, thanks.

> > First you will need to create an smtp account.
> >
> > Next, chown /var/spool/mqueue, /var/mail, and /usr/sbin/sendmail to user
> > smtp.
> >
> > Run a cronjob out of root's cron every 5 minutes to process the queue.
>
> You are missing something here WRT how to have sendmail bind to port 25.
> There are three likely ways; have it run as root long enough to bind in a
> similar fashion to most webservers, run it from inetd, or modify the
> kernel to let a particular non-root user bind to port 25. If you have
> sendmail running as a daemon using either the first or third methods, you
> don't need to run sendmail from cron.

I don't believe that running sendmail from inetd will be a viable option -
anticipated load is too high.

What I will likely do is run it non-suid, but start it as root, and give up
root privilege as soon as the port is bound. I'd rather not muck around in
the kernel.

One thing I'd like to know is this: Once a process has changed its
effective UID to something other than root, can it ever change its
effective UID?

--
Brant Katkansky (bmk@pobox.com, brantk@atlas.com)
Software Engineer, ADC
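The "start as root, bind, then give up root" approach from the message above, worked through as an added example that is not part of the original thread and not sendmail's own code. The function names (bind_listener, drop_privileges_permanently, root_is_unrecoverable) and the loopback-only bind are this example's own choices; the "smtp" account and port 25 are the setup the thread describes. It also answers the closing question: setuid() called while root sets the real, effective and saved user IDs together, so root cannot be regained afterwards, whereas seteuid() changes only the effective UID and leaves the saved UID at 0, from which seteuid(0) brings root back. The last function checks exactly that, so a daemon can refuse to serve if the drop did not stick.

```c
/* Added example: bind a privileged port as root, then permanently drop
 * root before touching any client data.  Not from the original thread;
 * function names are this example's own (assumption), the "smtp" user
 * and port 25 come from the thread. */
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a listening TCP socket on 127.0.0.1:port (port 0 = any free port).
 * Ports below 1024 need root, so this must run before privileges are dropped. */
int bind_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Irreversibly drop to uid/gid.  Order matters: supplementary groups first
 * (only root may call setgroups), then gid, then uid, because once the uid
 * is no longer 0 the process can no longer change its groups.  setuid()
 * called by root sets the real, effective AND saved user IDs, so root is
 * gone for good; seteuid() would leave the saved uid at 0 and seteuid(0)
 * could bring root back.  Returns 0 on success, -1 on failure. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop stuck.  Returns 1 if the process is not root and neither
 * setuid(0) nor seteuid(0) succeeds; 0 if it is root or can become root
 * again (e.g. only the effective uid was changed and the saved uid is 0). */
int root_is_unrecoverable(void)
{
    if (getuid() == 0 || geteuid() == 0)
        return 0;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return 0;               /* we just became root again: drop was not real */
    return geteuid() != 0;
}

int main(int argc, char **argv)
{
    unsigned short port = argc > 1 ? (unsigned short)atoi(argv[1]) : 25;
    const char *user = argc > 2 ? argv[2] : "smtp";   /* account from the thread */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", user);
        return 1;
    }
    int fd = bind_listener(port);            /* still root here */
    if (fd < 0) {
        perror("bind_listener");
        return 1;
    }
    if (drop_privileges_permanently(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    if (!root_is_unrecoverable()) {          /* refuse to serve as root */
        fprintf(stderr, "still able to become root, refusing to run\n");
        return 1;
    }
    printf("listening on port %u as uid %u; accept loop would start here\n",
           (unsigned)port, (unsigned)geteuid());
    close(fd);
    return 0;
}
```

Run as root with `./a.out 25 smtp`; run unprivileged with a high port (`./a.out 2525 $USER`) to see the same sequence without root. Binding before dropping is why the cron-driven queue runner in the quoted recipe is unnecessary once the daemon is started this way: the daemon keeps the already-bound descriptor after setuid(), it just can no longer bind a second privileged port or regain root.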