From owner-freebsd-bugs Sun Mar 23 08:13:24 1997
Message-Id: <199703231611.AAA05625@spinner.DIALix.COM>
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
cc: dv@kis.ru (Dmitry Valdov), freebsd-bugs@freebsd.org, security-officer@freebsd.org
Subject: Re: sendmail can't create PID file because of owner permission of /var/run
In-reply-to: Your message of "Sun, 23 Mar 1997 16:29:52 +0100." <19970323162952.NW34878@uriah.heep.sax.de>
Date: Mon, 24 Mar 1997 00:11:35 +0800
From: Peter Wemm
Sender: owner-bugs@freebsd.org

J Wunsch wrote:
> Still, I think sendmail is doing silly at this point.  (Note
> safefile() itself, but the use of safefile() for the PID file.  But,
> yes, I know, one of the more embarrassing vulnerabilities of sendmail
> recently was related to people allowed to restart the daemon...)

Don't forget, the pid file is (or might become) an "option" in the .cf file.. ie: sendmail -o' 'PidFile=/tmp/sendmail.pid. Quite what Eric has in mind, I am not sure.

I have a vague feeling that the reason for the safefopen() in the first place was for cases where the pid file was not stored in a "secure" directory, eg: /tmp, or a generic pid's directory that's mode 1777. If you take out the safefopen(), you'd better be sure that nobody who is using freebsd anywhere has done this, as it's supposedly safe to do under generic sendmail-8, but making it no longer safe under freebsd is risky.

Cheers,
-Peter
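
The case raised in the message above, a PID file kept in a mode-1777 directory such as /tmp, as an added example that is not part of the original message and is not sendmail's safefopen(). The helper name write_pidfile_safely() is hypothetical; it shows the checks a daemon needs before writing to a name that other local users could have created first.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added illustration; hypothetical helper, NOT sendmail's safefopen().
 * Writes a PID file whose directory may be writable by other users
 * (e.g. a mode-1777 /tmp). The sticky bit stops others from removing our
 * file, but not from planting the name before the daemon first starts.
 * Returns 0 on success, -1 with errno set on refusal or error.
 */
int write_pidfile_safely(const char *path, pid_t pid)
{
    struct stat st;
    char buf[32];
    int fd, len;

    /* Preferred case: create the name ourselves. O_EXCL fails if anything,
     * including a dangling symlink, already occupies it. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0 && errno == EEXIST)
        /* Name exists: open without following a symlink and without
         * truncating; O_NONBLOCK avoids hanging on a planted FIFO. */
        fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* Check the object we actually opened, not the name, so a swap between
     * check and use cannot help: regular file, one link, owned by us. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }

    /* Only now discard old contents and write the new PID. */
    len = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (ftruncate(fd, 0) < 0 || write(fd, buf, (size_t)len) != len) {
        close(fd);
        return -1;
    }
    return close(fd);
}
```

A plain fopen(path, "w") in the same place would follow a planted symlink or hard link and truncate whatever it points to with the daemon's privileges, which is the exposure the message warns about.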