Date: Mon, 09 Dec 96 13:11:56 -0800 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: bmk@pobox.com Cc: security@freebsd.org Subject: Re: Running sendmail non-suid Message-ID: <199612092111.NAA17991@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Mon, 09 Dec 96 10:09:55 PST." <199612091809.KAA11729@itchy.atlas.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm setting up an internet-connected mail hub, and I'd like to run > sendmail not suid root. I won't be needing any ~/.forward nonsense, > as this machine will have no users at all, and will only forward mail > based on /etc/aliases. There will be no local mailboxes on this machine > at all. > > My intention for running sendmail without suid set is so that I can > hopefully avoid some of the security problems that we've seen with > sendmail in the past. > > Ideally, what I'd like to do is have sendmail running as root only long > enough to bind to the smtp port, and then give up root, never to have > it back. Preferably, running as 'nobody' or some other 'safe' user. > > Has anyone actually done this? Any advice or gotchas to look out for? > Am I insane for wanting to do this? First you will need to create an smtp account. Next, chown /var/spool/mqueue, /var/mail, and /usr/sbin/sendmail to user smtp. Run a cronjob out of root's cron every 5 minutes to process the queue. Using this approach you'll manage to stop 95% of any attempts to use sendmail to gain access to root. There is still a possibility of gaining root with this setup if your smtp account is hacked. It would be a matter of creating a mail spool file to setup a setuid-root shell. The general consensus has usually been that this approach is less secure because it is easier to gain access to a user account than root. Regards, Phone: (250)387-8437 Cy Schubert OV/VM: BCSC02(CSCHUBER) Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET ITSD Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca "Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612092111.NAA17991>