From owner-freebsd-security Mon Nov 18 10:11:23 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA01991 for security-outgoing; Mon, 18 Nov 1996 10:11:23 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA01978 for ; Mon, 18 Nov 1996 10:11:18 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vPY9n-0004uG-00; Mon, 18 Nov 1996 11:10:55 -0700
To: Bill Fenner
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: Michael Smith , freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 18 Nov 1996 08:50:01 PST." <96Nov18.085003pst.177557@crevenia.parc.xerox.com>
References: <96Nov18.085003pst.177557@crevenia.parc.xerox.com>
Date: Mon, 18 Nov 1996 11:10:55 -0700
From: Warner Losh
Message-Id:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <96Nov18.085003pst.177557@crevenia.parc.xerox.com> Bill Fenner writes:
: It is, of course, possible to run as root for *just long enough* to bind to
: port 25. Then setuid("smtp").

You then must give up running the shell scripts in the users' .forward
file as that user. mail.local doesn't do this, btw.

Warner
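
The bind-then-drop pattern discussed in this exchange, and the trade-off raised in the reply, as an added example that is not part of the original message and is not sendmail code. The function names, the use of getpwnam() to resolve the thread's `setuid("smtp")` shorthand to a numeric uid, and the existence of an `smtp` account are assumptions.

```c
#define _DEFAULT_SOURCE   /* glibc: expose setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a listening TCP socket; ports below 1024 need root at this point. */
int bind_listener(unsigned short port) {
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Order matters: groups, then gid, then uid. setuid() called as root also
 * resets the real and saved uid, so the process cannot switch back. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* drop did not stick */
    return 0;
}

/* Probe in a child whether this process could still become `other`. */
int can_become(uid_t other) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(setuid(other) == 0 ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    struct passwd *pw = getpwnam("smtp");        /* assumed account name */
    int fd = bind_listener(25);                  /* needs root */
    if (!pw || fd < 0 || drop_privileges(pw->pw_uid, pw->pw_gid) != 0) return 1;
    printf("uid %d, can become root: %d\n", (int)getuid(), can_become(0));
    return 0;
}
```

After drop_privileges() succeeds, can_become() returns 0 for every uid other than the daemon's own, which is why a daemon that drops this way can no longer run a recipient's .forward program as that recipient.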