Date: Wed, 3 Nov 1999 23:35:06 +0100
From: Ollivier Robert
To: freebsd-security@freebsd.org
Subject: Re: Sendmail options, what's more secure?
Message-ID: <19991103233506.A8793@keltia.freenix.fr>
In-Reply-To: <3820051F.B2BAAF89@sevenone.com>

According to matt baker:
> Given this setup, I was wondering about the merits of either:
>
> 1. Using the RunAsUser option, setting the mqueue directory to be owned
> by this user, and also setting /etc/mail/aliases and similar files to be
> also owned by this user or group writable. It's this latter part that
> I'm not keen on.
>
> 2. Running sendmail as root, but chrooted to a certain area using the
> SafeFileEnvironment option. Does this mean I have to place the mqueue
> and other config files in this area also?

As you're not running with local users and you don't submit mail from the
machine itself, you probably don't care either way. The main problem is still
the big setuid-root binary.

The best option is to install Postfix.
No setuid, no setgid, chroot possible for programs, fast and easy to maintain.

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 4.0-CURRENT #75: Tue Nov 2 21:03:12 CET 1999