From owner-freebsd-stable  Thu Mar 28 13:53:29 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from clink.schulte.org (clink.schulte.org [209.134.156.193])
	by hub.freebsd.org (Postfix) with ESMTP id 995BA37B41A
	for <stable@FreeBSD.ORG>; Thu, 28 Mar 2002 13:53:21 -0800 (PST)
Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65])
	by clink.schulte.org (Postfix) with ESMTP
	id 4A55F24422; Thu, 28 Mar 2002 15:53:19 -0600 (CST)
Message-Id: <5.1.0.14.0.20020328154728.04ac2668@pop3s.schulte.org>
X-Sender: 
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 28 Mar 2002 15:51:50 -0600
To: Wilko Bulte <wkb@freebie.xs4all.nl>, Alan Clegg <alan@clegg.com>
From: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Subject: Re: sendmail_enable NONE
Cc: stable@FreeBSD.ORG
In-Reply-To: <20020328223826.F28059@freebie.xs4all.nl>
References: <20020328163551.B77823@shell.wetworks.org>
 <20020327154948.26668.qmail@web11602.mail.yahoo.com>
 <20020327115442.C27253@shell.one.net>
 <000c01c1d5bb$38e336e0$11fd2fd8@westbend.net>
 <20020327200304.C43825@mail.webmonster.de>
 <20020328133020.B6416@hub.freebsd.org>
 <20020328163551.B77823@shell.wetworks.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

At 10:38 PM 3/28/2002 +0100, Wilko Bulte wrote:
>Basically: binaries sitting on a disk are harmless (but take space) as
>long as they don't get run.

Some local root exploits can be prevented if unused setuid binaries have 
the bit removed.  Thus if sendmail is not used (but you want to keep the 
binary around just in case) just chmod -s.

If I install postfix, I might not be keen on sendmail advisories, thinking 
I'm not affected because the daemon is not active.  Whoops, it was a local 
problem becuase I left the binary setuid root.

>--
>|   / o / /_  _                                 wilko@FreeBSD.org
>|/|/ / / /(  (_)  Bulte                         Arnhem, the Netherlands
>    We are FreeBSD.  Resistance is futile.  Prepare to be committed.

--
Christopher Schulte
http://www.schulte.org/
Do not un-munge my @nospam.schulte.org
email address.  This address is valid.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message