Date: Mon, 18 Nov 1996 10:53:24 -0500 (EST) From: pgiffuni@fps.biblos.unal.edu.co To: Warner Losh <imp@village.org> Cc: Mark Newton <newton@communica.com.au>, Alan Batie <batie@agora.rdrop.com>, adam@homeport.org, freebsd-security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <Pine.A41.3.95.961118104943.22356B-100000@fps.biblos.unal.edu.co> In-Reply-To: <E0vPJrb-0003cC-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 17 Nov 1996, Warner Losh wrote: > In message <9611180247.AA15359@communica.com.au> Mark Newton writes: > : indeed, precisely what I have done with it here at Communica, where > : sendmail runs as the unprivileged "smtp" user). > > I don't buy this. You need to be able to create a mailbox of an > > What am I missing? > I haven`t done that either, but some firewall software do it. I only change the deamon`s uid in the sendmail.cf so that it will use an unprivileged user that doesn`t even own a shell, as is explained in the CERT advisory. Pedro. > Warner >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.A41.3.95.961118104943.22356B-100000>