From owner-freebsd-hackers Sun Nov 24 20:35:26 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA03513 for hackers-outgoing; Sun, 24 Nov 1996 20:35:26 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA03504 for ; Sun, 24 Nov 1996 20:35:13 -0800 (PST)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id PAA27300; Mon, 25 Nov 1996 15:04:55 +1030 (CST)
From: Michael Smith
Message-Id: <199611250434.PAA27300@genesis.atrad.adelaide.edu.au>
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
In-Reply-To: <4572.848895649@time.cdrom.com> from "Jordan K. Hubbard" at "Nov 24, 96 08:20:49 pm"
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Mon, 25 Nov 1996 15:04:54 +1030 (CST)
Cc: hackers@freebsd.org, newton@communica.com.au
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jordan K. Hubbard stands accused of saying:
>
> No, seriously, sounds pretty neat just so long as starting sendmail
> from /usr/local/etc/rc.d doesn't hose anything - I haven't looked to
> see at which stage it's started in /etc/rc, but if there are any
> ordering dependencies there then they might hose us. Just something
> to watch for.

I had no intention of starting sendmail from /usr/local/etc/rc.d; it's
still a part of the base system, and should still be started out of
/etc/rc. I was just going to change the startup conditional for it to
conform to the new model, so that if 'mailer' was set to "qmail",
sendmail would not start.

The other change would be to check 'sendmail_flags' and if it was
nonempty set 'mailer' to "sendmail" and copy 'mailerflags' to suit, in
order to maintain backwards compatibility. I religiously update /etc/rc
these days, but often leave a stale /etc/sysconfig lying around.

I'd also appreciate input from anyone that can see a problem with having
sendmail lying around but not running; if it's thought that this is
still a security risk, then there should be a comment in the handbook
section on mailer security suggesting that it be disabled (nuked,
re-moded, etc.).

Newt, perhaps you could spare a few neurons to put some words together
on this topic? (If you haven't been following the thread, I'll brief
you offline...)

> Jordan

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control.         (ph) +61-8-8267-3493            [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[
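
The startup rule and the backward-compatibility rule proposed in the message above, sketched as an added example (not part of the original message and not FreeBSD's actual /etc/rc), together with a check for a sendmail binary that is no longer started but still carries a set-id bit. The variable names mailer, mailerflags and sendmail_flags come from the message; the function names, the /usr/sbin/sendmail path and the sample flags are assumptions.

```shell
#!/bin/sh
# Added example, not FreeBSD's /etc/rc. Function names are hypothetical.

# Backward-compatibility rule: a stale /etc/sysconfig that still sets
# sendmail_flags selects sendmail and supplies its flags.
# Arguments: mailer, mailerflags, sendmail_flags. Prints "mailer|flags".
resolve_mailer() {
    r_mailer=$1; r_flags=$2; r_sendmail_flags=$3
    if [ -n "$r_sendmail_flags" ]; then
        r_mailer=sendmail
        r_flags=$r_sendmail_flags
    fi
    printf '%s|%s\n' "$r_mailer" "$r_flags"
}

# Startup conditional: sendmail starts only when it is the selected mailer
# (assumption; the message only says it must not start for "qmail").
should_start_sendmail() {
    [ "$1" = "sendmail" ]
}

# Succeeds when sendmail is NOT the selected mailer but the file at $2 still
# has a setuid or setgid bit, i.e. it has not been "re-moded".
dormant_setid_sendmail() {
    [ "$1" != "sendmail" ] && [ -f "$2" ] && { [ -u "$2" ] || [ -g "$2" ]; }
}

# Report what the boot script would do for one set of sysconfig values.
report() {
    resolved=$(resolve_mailer "$1" "$2" "$3")
    sel=${resolved%%|*}
    if should_start_sendmail "$sel"; then
        echo "mailer=$sel: start sendmail ${resolved#*|}"
    elif dormant_setid_sendmail "$sel" /usr/sbin/sendmail; then
        echo "mailer=$sel: sendmail not started, binary still set-id"
    else
        echo "mailer=$sel: sendmail not started"
    fi
}

# Constructed sample values, not taken from a real system.
report "" "" "-bd -q30m"   # stale sysconfig: only sendmail_flags is set
report qmail "" ""         # new model: qmail selected
```
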