From owner-freebsd-security  Mon Nov 18 08:50:59 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA26511
          for security-outgoing; Mon, 18 Nov 1996 08:50:59 -0800 (PST)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA26505
          for <freebsd-security@freebsd.org>; Mon, 18 Nov 1996 08:50:55 -0800 (PST)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <17036(6)>; Mon, 18 Nov 1996 08:50:20 PST
Received: from localhost ([127.0.0.1]) by crevenia.parc.xerox.com with SMTP id <177557>; Mon, 18 Nov 1996 08:50:03 -0800
X-Mailer: exmh version 1.6.7 5/3/96
To: Michael Smith <msmith@atrad.adelaide.edu.au>
cc: freebsd-security@freebsd.org
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
In-reply-to: Your message of "Sun, 17 Nov 1996 19:35:04 PST."
             <199611180335.OAA17231@genesis.atrad.adelaide.edu.au> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 18 Nov 1996 08:50:01 PST
From: Bill Fenner <fenner@parc.xerox.com>
Message-Id: <96Nov18.085003pst.177557@crevenia.parc.xerox.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <199611180335.OAA17231@genesis.atrad.adelaide.edu.au>you write:
>...if it were possible to be non-root and bind to port 25...

It is, of course, possible to run as root for *just long enough* to bind to 
port 25.  Then setuid("smtp").

  Bill