From owner-freebsd-questions Wed Oct 10 5:10: 9 2001 Delivered-To: freebsd-questions@freebsd.org Received: from pump3.york.ac.uk (pump3.york.ac.uk [144.32.128.131]) by hub.freebsd.org (Postfix) with ESMTP id 8E04B37B408 for ; Wed, 10 Oct 2001 05:10:03 -0700 (PDT) Received: from ury.york.ac.uk (ury.york.ac.uk [144.32.108.81]) by pump3.york.ac.uk (8.10.2/8.10.2) with ESMTP id f9ACA1507734; Wed, 10 Oct 2001 13:10:01 +0100 (BST) Received: from localhost (gavin@localhost) by ury.york.ac.uk (8.11.3/8.11.3) with ESMTP id f9ACA1j72475; Wed, 10 Oct 2001 13:10:01 +0100 (BST) (envelope-from gavin.atkinson@ury.york.ac.uk) X-Authentication-Warning: ury.york.ac.uk: gavin owned process doing -bs Date: Wed, 10 Oct 2001 13:10:01 +0100 (BST) From: Gavin Atkinson To: "Kasper (swebase)" Cc: Subject: Re: Rmuser problem In-Reply-To: <001401c1517b$9ca3eae0$f02750d5@swebasekasper> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 10 Oct 2001, Kasper (swebase) wrote: > Matching password entry: > > majordomo:1Yohj.aE4MT0Y:1016:1016::0:0:MajorDomo:/home/majordomo:/bin/csh Can't help you with your problem - but you probably should not be running majordomo as UID 0. The perl scripts are setuid, and there are some pretty large security hoels in it that can give any local user the ability to execute code as the majordomo user, and as far as I am aware, quite a few of these problems and others are still outstanding. Give majordomo a different UID, there is no need for it to be UID 0 anyway. It does need to be in the daemon group however, and it is not easy to make it fully secure. Gavin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message