From owner-freebsd-security Mon Nov 18 07:30:24 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id HAA21993 for security-outgoing; Mon, 18 Nov 1996 07:30:24 -0800 (PST)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA21986 for ; Mon, 18 Nov 1996 07:30:19 -0800 (PST)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id IAA23049; Mon, 18 Nov 1996 08:30:15 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id IAA04580; Mon, 18 Nov 1996 08:22:55 -0700 (MST)
Date: Mon, 18 Nov 1996 08:22:54 -0700 (MST)
From: Marc Slemko
X-Sender: marcs@alive.ampr.ab.ca
To: Poul-Henning Kamp
cc: freebsd-security@FreeBSD.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
In-Reply-To: <9172.848302243@critter.tfs.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

What does sendmail need to do WRT binding to ports that a webserver
doesn't? Programs such as webservers work quite well with a parent
process running as root that binds to the port and forks children running
as some non-root uid to handle requests. Why couldn't (this part) of
sendmail's problems be fixed the same way?

On Mon, 18 Nov 1996, Poul-Henning Kamp wrote:

> What we REALLY need, is a way for root, to hand out certain privileges.
>
> Imagine this:
>
> sysctl -w net.inet.tcp.uidforport.25=`id -ur smtp`
> sysctl -w net.inet.tcp.uidforport.20=`id -ur ftp`
> sysctl -w net.inet.tcp.uidforport.21=`id -ur ftp`
> sysctl -w net.inet.tcp.uidforport.119=`id -ur nntp`
>
> This means that users with UID smtp can bind to socket 25 (aka smtp),
> and so on. Now sendmail NEVER needs to be root.
>
> How's that for security?