From owner-freebsd-bugs  Thu Jul 25 14:28:02 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA02532
          for bugs-outgoing; Thu, 25 Jul 1996 14:28:02 -0700 (PDT)
Received: from kechara.flame.org (kechara.flame.org [192.80.44.209])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA02515
          for <freebsd-bugs@freebsd.org>; Thu, 25 Jul 1996 14:27:57 -0700 (PDT)
Received: (from explorer@localhost) by kechara.flame.org (8.7.5/8.6.9) id RAA02446; Thu, 25 Jul 1996 17:26:48 -0400 (EDT)
To: mike@NetworX.ie
Cc: FreeBSD Bugs <freebsd-bugs@freebsd.org>
Subject: Re: sendmail is suid root -- correct?
References: <ECS9607242249A@NetworX.ie>
From: Michael Graff <explorer@flame.org>
Date: 25 Jul 1996 17:26:47 -0400
In-Reply-To: Michael Ryan's message of Wed, 24 Jul 1996 22:28:49 BST
Message-ID: <v6hgqw9g88.fsf@kechara.flame.org>
Lines: 23
X-Mailer: Gnus v5.2.36/Emacs 19.31
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Michael Ryan <mike@NetworX.ie> writes:

> On my FreeBSD 2.1 box, sendmail is suid root.
> This means anybody can do a "sendmail -q",
> which I don't want them to be able to do.
> The sysadmin should have (sole) control over mail
> queue management.

This is a problem, since you can't really hide the binary, and you can't
remove the setuid bits.

There was a lot of talk about non-root mail programs.  I think I'll be
looking into qmail myself.

> Is it correct that sendmail should be suid-root?

Yes.

> If I remove the suid bit, what are the repercussions?

Mail will stop working I suspect.  Try it.  :)

--Michael