From owner-freebsd-security  Mon Nov 16 12:05:13 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA01649
          for freebsd-security-outgoing; Mon, 16 Nov 1998 12:05:13 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mx1.dmz.fedex.com (mx1.dmz.fedex.com [199.81.194.37])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA01643
          for <freebsd-security@freebsd.org>; Mon, 16 Nov 1998 12:05:07 -0800 (PST)
          (envelope-from wam@mohawk.dpd.fedex.com)
Received: from mx2.zmd.fedex.com (sendmail@mx2.zmd.fedex.com [199.82.159.11])
	by mx1.dmz.fedex.com (8.9.1/8.9.1) with ESMTP id OAA18212
	for <freebsd-security@freebsd.org>; Mon, 16 Nov 1998 14:04:40 -0600 (CST)
Received: from s07.sa.fedex.com (root@s07.sa.fedex.com [199.81.124.17])
	by mx2.zmd.fedex.com (8.9.1/8.9.1) with ESMTP id OAA24242
	for <freebsd-security@freebsd.org>; Mon, 16 Nov 1998 14:04:39 -0600 (CST)
Received: from mohawk.dpd.fedex.com (mohawk.dpd.fedex.com [199.81.74.121])
	by s07.sa.fedex.com (8.9.1/8.9.1) with SMTP id OAA18023;
	Mon, 16 Nov 1998 14:04:37 -0600 (CST)
Message-Id: <199811162004.OAA18023@s07.sa.fedex.com>
To: Warner Losh <imp@village.org>
cc: Matthew Dillon <dillon@apollo.backplane.com>,
        Andre Albsmeier <andre.albsmeier@mchp.siemens.de>,
        freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure? 
Date: Mon, 16 Nov 1998 14:04:05 -0600
From: William McVey <wam@sa.fedex.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh wrote:
<snip>
>sendmail needs to run as root to deliver mail and to bind to port 25.
<snip>
>lpd needs to run as root to access the files that it is printing,
>and to bind to its listening port.

inetd can start processes like sendmail (or lpd) as unprivileged
users already bound to their ports.  If the service is started with
'wait' configured, then the daemon is launched as a unprivileged
user which has complete control of the socket for accepting new
connections.  I've seen this used successfully for mail relaying
(sendmail started as "unprivileged" user smtp out of inetd).   The
smtp user can write the mail queue, and can invoke the setuid
mail.local (which is set to root.mail 4750, so regular users can't
play with it).  Works like a charm.

 -- William

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message