From owner-freebsd-security Mon Dec 9 14:36:09 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA06461 for security-outgoing; Mon, 9 Dec 1996 14:36:09 -0800 (PST) Received: from itchy.atlas.com ([206.29.170.215]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA06456 for ; Mon, 9 Dec 1996 14:36:06 -0800 (PST) Received: (from brantk@localhost) by itchy.atlas.com (8.8.0/8.8.0) id OAA13473; Mon, 9 Dec 1996 14:37:27 -0800 (PST) Message-Id: <199612092237.OAA13473@itchy.atlas.com> Subject: Re: Running sendmail non-suid To: cschuber@uumail.gov.bc.ca Date: Mon, 9 Dec 1996 14:37:27 -0800 (PST) Cc: black@squid.gage.com, cschuber@uumail.gov.bc.ca, bmk@pobox.com, security@freebsd.org Reply-To: bmk@pobox.com In-Reply-To: <199612092204.OAA18326@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "Dec 9, 96 02:04:50 pm" From: "Brant Katkansky" Reply-To: bmk@pobox.com X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > On the surface this appears be the case, however if you NFS export a > filesystem that contains files owned by the smtp user, especially to a > system where someone else has root, you open your system to root compromise. > > If you do manage all of your NFS clients, you will need to make the same > change or risk being hacked via a setuid-root sendmail on the client. > > If NFS would map all administrative accounts to nobody, I think you might be > reasonably safe. The only NFS server I know that does this is Linux NFS > server. No NFS here. The product requirements specifically forbid it. :) -- Brant Katkansky (bmk@pobox.com, brantk@atlas.com) Software Engineer, ADC