Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 29 Nov 1998 22:42:00 +0100
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID:  <19981129224200.A13724@keltia.freenix.fr>
In-Reply-To: <199811162114.PAA06569@s07.sa.fedex.com>; from William McVey on Mon, Nov 16, 1998 at 03:13:54PM -0600
References:  <199811162114.PAA06569@s07.sa.fedex.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
According to William McVey:
> To strip the setuid root bit from the delivery agent will require 
> the daemon to be privileged so that it can setuid to the user who's
> mail is being handled.  I would say a setuid root program that no-one
> but the MTA can execute is the lesser of two evils.

There is a third way, coming RSN near FreeBSD: Postfix (also known in
another life as VMailer), made by W. Venema doesn't require setuid-root MDA 
(like mail.local and procmail) at all!

414 [23:16] root@keltia:local/bin# ll procma*         
-rwxr-xr-x  1 root  mail   52392 Nov 16 22:24 procmail*

Send mail to local user:
-=-=-
383 [23:17] roberto@keltia:net/mtr> echo foo| mail roberto           
send-mail: sendmail_service: open maildrop/5488D14BE
-=-=-

Log from procmail:
-=-=-
>From roberto@keltia.freenix.fr Mon Nov 23 23:17:10 1998
  Folder: /var/mail/roberto                                                 403
-=-=-

Mail log:
-=-=-
Nov 23 23:17:10 keltia postfix/pickup[18162]: 7542114C0: sender=101/roberto
Nov 23 23:17:10 keltia postfix/cleanup[18415]: 7542114C0: message-id=<19981123221710.7542114C0@keltia.freenix.fr>
Nov 23 23:17:10 keltia postfix/qmgr[18163]: 7542114C0: from=<roberto@keltia.freenix.fr>, size=305 (queue active)
Nov 23 23:17:11 keltia postfix/local[18417]: 7542114C0: to=<roberto@keltia.freenix.fr>, relay=local, delay=1, status=sent ("|/usr/local/bin/procmail")
-=-=-
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov  8 01:22:20 CET 1998


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981129224200.A13724>