From owner-freebsd-security Sun Jun 9 17:58:55 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA22998 for security-outgoing; Sun, 9 Jun 1996 17:58:55 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA22987 for ; Sun, 9 Jun 1996 17:58:53 -0700 (PDT)
Received: from zap.io.org (taob@zap.io.org [198.133.36.81]) by post.io.org (8.7.5/8.7.3) with SMTP id UAA16582 for ; Sun, 9 Jun 1996 20:57:51 -0400 (EDT)
Date: Sun, 9 Jun 1996 20:57:56 -0400 (EDT)
From: Brian Tao
To: FREEBSD-SECURITY-L
Subject: setuid root sendmail vs. mode 1733 /var/spool/mqueue?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I accidentally went a bit too far today when looking for setuid-related attacks on our 2.2-SNAP shell servers and took the setuid bit off /usr/sbin/sendmail. I only noticed after the schg flag was slapped on everything. :( People were getting 'queuename: Cannot create "qfUAA08787" in "/var/spool/mqueue" (euid=935):' errors for obvious reasons.

Since I didn't want to reboot the shell servers just to chmod sendmail, I decided to chmod 1733 /var/spool/mqueue instead:

    drwx-wx-wt 2 root daemon 2560 Jun 9 20:52 /var/spool/mqueue

This allows the non-root sendmails to queue outgoing messages, but prevents other users from snooping the mail spool (mailq is disabled here, and it looks like queue files are mode 600 anyway). The shell servers don't receive any mail themselves, and sendmail runs with a queue processing interval of 5 minutes.

Any comments on the validity of my actions? It seems pretty safe to me, and it removes another setuid binary.

--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
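
Added example (not part of the original post): a POSIX shell audit that checks whether a queue directory matches the setup described above, that is, mode 1733 (`drwx-wx-wt`) with every queue file at mode 600. The function names and the `dfUAA08787` file name are constructed for illustration, and the demo works on a temporary directory rather than the real /var/spool/mqueue.

```shell
#!/bin/sh
# Added example: audit a queue directory configured as in the post.
# Expected state: directory drwx-wx-wt (1733), queue files mode 600.

# Print the 10-character permission string of a path
# (cut drops any trailing ACL/SELinux marker that ls may append).
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# audit_queue DIR: print one finding per line, nothing when DIR is as expected.
audit_queue() {
    dir=$1
    perms=$(perm_string "$dir")
    # 1733 = owner rwx, group/other write+search but no read, sticky bit set.
    # Without the sticky bit any user could unlink another user's queue file.
    [ "$perms" = "drwx-wx-wt" ] || echo "DIRMODE $perms"
    # An unlistable directory hides file names, but it does not protect a
    # file whose name is known; the file's own mode must do that.
    find "$dir" -type f ! -perm 600 |
    while IFS= read -r f; do
        echo "FILEMODE $(perm_string "$f") ${f##*/}"
    done
}

# Demo on a constructed temporary queue (sample files, not real mail).
demo() {
    q=$(mktemp -d) || return 1
    chmod 1733 "$q"
    : > "$q/qfUAA08787"; chmod 600 "$q/qfUAA08787"   # name taken from the post
    : > "$q/dfUAA08787"; chmod 644 "$q/dfUAA08787"   # constructed, too permissive
    echo "directory: $(perm_string "$q")"
    audit_queue "$q"
    rm -rf "$q"
}

demo
```

Run the audit as root (or the directory owner) against the real spool, since other users cannot list a mode 1733 directory.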