From: Mikael Karpberg
Message-Id: <199611200138.CAA23822@ocean.campus.luth.se>
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
To: marcs@znep.com (Marc Slemko)
Date: Wed, 20 Nov 1996 02:38:52 +0100 (MET)
Cc: phk@critter.tfs.com, freebsd-security@FreeBSD.ORG
In-Reply-To: from Marc Slemko at "Nov 18, 96 10:21:49 pm"

According to Marc Slemko:
> All arguments about just how much of a MTA needs to be setuid and why it
> can/can't be that way in real/fake life, do people think what phk suggests
> would be a useful thing, either as a separate patch or in the base kernel?
>
> It is trivial to implement; took 10 minutes to hack together a limited
> version (i.e. uses names like net.inet.tcp.uidforport_25 because I didn't
> feel like creating a new level just for my hack and all the ports aren't
> implemented).

If it's trivial... Could someone take this suggestion seriously and simply
implement it? Since nothing will happen unless you use it, it's safe as a
default compatibility, and it gives additional freedom for a more secure setup.

> The biggest problem I see to implementing such a thing is that I can't see
> a pretty way to make it fit into the sysctl mold without having 1024
> lines, one for each port < 1024. Anyone have any ideas on how to do that
> nicely or if 1024 lines is ok?

I think it's acceptable with 1024 lines. Really... If all ports default to
root only, how many lines would you have? Do you use all ports < 1024? And
many of those things run under inetd, which has to run as root anyway.
You will probably never use more than a few lines.

> On Mon, 18 Nov 1996, Poul-Henning Kamp wrote:
[...]
> > sysctl -w net.inet.tcp.uidforport.25=`id -ur smtp`
> > sysctl -w net.inet.tcp.uidforport.20=`id -ur ftp`
> > sysctl -w net.inet.tcp.uidforport.21=`id -ur ftp`
> > sysctl -w net.inet.tcp.uidforport.119=`id -ur nntp`
[...]

Just my $0.02

/Mikael
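
Added example, not part of the original message and not FreeBSD code: a user-space C model of the bind-time check the thread proposes, showing that an unconfigured reserved port stays root-only and that only the overridden ports need a table entry. The function names, the sparse table and its size limit are assumptions made for illustration; net.inet.tcp.uidforport is the name proposed in the thread.

```c
#include <stdbool.h>
#include <stddef.h>

#define RESERVED_LIMIT 1024u  /* ports below this are privileged */
#define ROOT_UID 0u
#define MAX_OVERRIDES 16      /* constructed limit for this model */

/* One override: the uid allowed to bind this port in addition to root. */
struct port_owner { unsigned short port; unsigned uid; };

static struct port_owner overrides[MAX_OVERRIDES];
static size_t n_overrides;

/* Models "sysctl -w net.inet.tcp.uidforport.<port>=<uid>" (hypothetical).
 * Only root may change the mapping, and only for reserved ports. */
int set_uid_for_port(unsigned caller_uid, unsigned port, unsigned uid)
{
    if (caller_uid != ROOT_UID) return -1;               /* not permitted */
    if (port == 0 || port >= RESERVED_LIMIT) return -2;  /* not reserved */
    for (size_t i = 0; i < n_overrides; i++)
        if (overrides[i].port == port) { overrides[i].uid = uid; return 0; }
    if (n_overrides == MAX_OVERRIDES) return -3;         /* table full */
    overrides[n_overrides].port = (unsigned short)port;
    overrides[n_overrides].uid = uid;
    n_overrides++;
    return 0;
}

/* Owner of a reserved port: root unless an override was configured,
 * so an untouched system behaves exactly as before. */
unsigned uid_for_port(unsigned port)
{
    for (size_t i = 0; i < n_overrides; i++)
        if (overrides[i].port == port) return overrides[i].uid;
    return ROOT_UID;
}

/* Bind-time check. Root always passes; port 0 (kernel picks an ephemeral
 * port) and ports >= 1024 are open to everyone; a reserved port is
 * otherwise open only to its configured uid. */
bool may_bind(unsigned uid, unsigned port)
{
    if (uid == ROOT_UID || port == 0 || port >= RESERVED_LIMIT) return true;
    return uid_for_port(port) == uid;
}
```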