From owner-freebsd-security  Mon Nov 18 09:59:32 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA01437
          for security-outgoing; Mon, 18 Nov 1996 09:59:32 -0800 (PST)
Received: from brimstone.gage.com (brimstone.gage.com [205.217.2.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA01432
          for <freebsd-security@freebsd.org>; Mon, 18 Nov 1996 09:59:29 -0800 (PST)
Received: (from mail@localhost) by brimstone.gage.com (8.8.3/8.7.3) id LAA03165; Mon, 18 Nov 1996 11:58:54 -0600 (CST)
Received: from octopus.gage.com(158.60.57.50) by brimstone.gage.com via smap (V2.0beta)
	id xma003163; Mon, 18 Nov 96 11:58:33 -0600
Received: from squid.gage.com (squid [158.60.57.101]) by octopus.gage.com (8.7.5/8.7.3) with SMTP id LAA15965; Mon, 18 Nov 1996 11:49:16 -0600 (CST)
Received: from schemer by squid.gage.com (NX5.67e/NX3.0S)
	id AA29784; Mon, 18 Nov 96 11:49:10 -0600
Message-Id: <9611181749.AA29784@squid.gage.com>
Received: by schemer.gage.com (NX5.67g/NX3.0X)
	id AA01926; Mon, 18 Nov 96 11:49:34 -0600
Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 4.0 v146.2)
In-Reply-To: <96Nov18.085003pst.177557@crevenia.parc.xerox.com>
X-Nextstep-Mailer: Mail 3.3 (Enhance 1.3)
Received: by NeXT.Mailer (1.146.2)
From: Ben Black <black@gage.com>
Date: Mon, 18 Nov 96 11:49:32 -0600
To: Bill Fenner <fenner@parc.xerox.com>
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). 
Cc: Michael Smith <msmith@atrad.adelaide.edu.au>, freebsd-security@freebsd.org
References: <96Nov18.085003pst.177557@crevenia.parc.xerox.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>It is, of course, possible to run as root for *just long enough* to bind to 
>port 25.  Then setuid("smtp").
>

even better would be finer grained control over access to low numbered ports  
so you wouldn't need to be root to bind port 25.


b3n