From owner-freebsd-isp  Sat Mar  3 15:14: 0 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 8FAE737B71A
	for <freebsd-isp@freebsd.org>; Sat,  3 Mar 2001 15:13:56 -0800 (PST)
	(envelope-from cjc@rfx-216-196-73-168.users.reflexcom.com)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Sat, 3 Mar 2001 15:11:25 -0800
Received: (from cjc@localhost)
	by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f23NDCv25086;
	Sat, 3 Mar 2001 15:13:12 -0800 (PST)
	(envelope-from cjc)
Date: Sat, 3 Mar 2001 15:13:09 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Jamie Heckford <heckfordj@psi-domain.co.uk>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Sendmail Question
Message-ID: <20010303151309.M89396@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <20010303142510.K3359@storm.psi-domain.co.uk> <20010303143635.M3359@storm.psi-domain.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010303143635.M3359@storm.psi-domain.co.uk>; from heckfordj@psi-domain.co.uk on Sat, Mar 03, 2001 at 02:36:35PM +0000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Mar 03, 2001 at 02:36:35PM +0000, Jamie Heckford wrote:
> Quick update, I just set mail.local SUID.
> 
> I noticed from reading /usr/src/UPDATING that this
> was disabled (I built the sendmail binary and tools 
> myself)
> 
> Just wondering, what was the reason for this? Will a
> security vunrability arisin from setting mail.local
> SUID?

In /usr/src/contrib/sendmail/RELEASE_NOTES,

  8.10.0/8.10.0   2000/03/01
  .
  .
  .
            MAIL.LOCAL: Will not be installed setuid root.  To use mail.local
                  as local delivery agent without LMTP mode, use
                  MODIFY_MAILER_FLAGS(`LOCAL', `+S')
                  to set the S flag.

This was a change in sendmail itself, not FreeBSD. The reason is that
it should never have been setuid in the first place.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message