From owner-freebsd-hackers Mon Nov 25 09:34:12 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA22587 for hackers-outgoing; Mon, 25 Nov 1996 09:34:12 -0800 (PST) Received: from delphi.bsd.uchicago.edu (delphi.bsd.uchicago.edu [128.135.5.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA22506 for ; Mon, 25 Nov 1996 09:33:58 -0800 (PST) Received: from bio-5.bsd.uchicago.edu (bio-5.bsd.uchicago.edu [128.135.75.14]) by delphi.bsd.uchicago.edu (8.8.3/8.7.3/BSD-4.0) with SMTP id LAA19622; Mon, 25 Nov 1996 11:33:41 -0600 (CST) Received: by bio-5.bsd.uchicago.edu (5.0/SMI-SVR4) id AA10822; Mon, 25 Nov 1996 11:33:35 +0600 Date: Mon, 25 Nov 1996 11:33:35 +0600 Message-Id: <9611251733.AA10822@bio-5.bsd.uchicago.edu> To: jgreco@brasil.moneng.mei.com Cc: peter@taronga.com, hackers@freebsd.org In-Reply-To: <199611250144.TAA13851@brasil.moneng.mei.com> (message from Joe Greco on Sun, 24 Nov 1996 19:44:29 -0600 (CST)) Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 From: Tim Pierce Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Joe Greco said: > > Have you looked at qmail? The bits exposed to the outside world don't > > even run as root. EVER. > > As a matter of fact, the last Sendmail security problem involved a bug > that I suspect people would also have claimed "[the] bits [that are] > exposed to the outside world don't even run as root." I sincerely hope you don't think of this as a point in sendmail's favor.