Date: Mon, 18 Nov 1996 07:20:16 -0500 (EST)
From: Adam Shostack <adam@homeport.org>
To: imp@village.org (Warner Losh)
Cc: freebsd-security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Message-ID: <199611181220.HAA12293@homeport.org>
In-Reply-To: <E0vPLaR-0003jx-00@rover.village.org> from Warner Losh at "Nov 17, 96 09:45:35 pm"

Warner Losh wrote:
| In message <9611180312.AA15775@communica.com.au> Mark Newton writes:
| : Removing shell escapes from .forward is, IMHO, of a similar league to
| : disabling the functionality of .rhosts files. Shell escapes are, and always
| : have been, a feature which permits unaccountable abuses of security to
| : provide "ease of use" which only a small subset of users really care about.
|
| I'm sorry, but that is not an acceptable answer in a general purpose
| OS. What you do on your system is OK, but that is *NOT* a good reason
| to remove sendmail from the base OS. People expect the ability to run
| whatever they please, or at least a subset selected by the admin. In
| order to do that, the mail agent must run as that person. In order to
| do that, the mail agent must either run a setuid program that is
| accessible to the mail delivery agent (and likely others), or it must
| run as root.

The Mail Delivery Agent must run as root, and set its uid to
recipient. I've used a non-root sendmail with setuid procmail to make
this work just fine. We should all be thinking in terms of separation
of privilege and least privilege.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume
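
Added example, not part of the original message and not code from sendmail or procmail: a C sketch of the step discussed above, where a delivery agent that starts as root permanently switches to the recipient's identity before it runs anything the recipient controls. The name drop_to_recipient, the refusal of uid 0, and the choice to keep only the recipient's primary group are assumptions of this example.

```c
#define _DEFAULT_SOURCE          /* expose setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently become the recipient. Returns 0 on success,
 * -1 if the caller must not go on to run anything on the recipient's behalf. */
int drop_to_recipient(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;               /* example policy: never deliver as root */

    /* Order matters: groups first, then gid, then uid. Once the uid is
     * dropped the process no longer has the right to change its groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;               /* discard root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Check the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;               /* root can be regained: the drop failed */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s recipient\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL || drop_to_recipient(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "cannot assume identity of %s; not delivering\n", argv[1]);
        return 1;
    }
    /* Only from here on would a real agent run the recipient's program. */
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

The window in which the process holds root is limited to the lookup and the three identity calls; everything the recipient can influence runs after the verified drop.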