From owner-freebsd-security Sun Nov 29 14:41:59 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id OAA11027
        for freebsd-security-outgoing; Sun, 29 Nov 1998 14:41:59 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA11021
        for ; Sun, 29 Nov 1998 14:41:53 -0800 (PST)
        (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
        by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id XAA28627
        for freebsd-security@FreeBSD.ORG; Sun, 29 Nov 1998 23:41:40 +0100 (CET)
        (envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101)
        id 3A19E1534; Sun, 29 Nov 1998 22:42:00 +0100 (CET)
Date: Sun, 29 Nov 1998 22:42:00 +0100
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID: <19981129224200.A13724@keltia.freenix.fr>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <199811162114.PAA06569@s07.sa.fedex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.16i
In-Reply-To: <199811162114.PAA06569@s07.sa.fedex.com>; from William McVey on Mon, Nov 16, 1998 at 03:13:54PM -0600
X-Operating-System: FreeBSD 3.0-CURRENT/ELF ctm#4829 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to William McVey:
> To strip the setuid root bit from the delivery agent will require
> the daemon to be privileged so that it can setuid to the user whose
> mail is being handled.  I would say a setuid root program that no-one
> but the MTA can execute is the lesser of two evils.

There is a third way, coming RSN near FreeBSD: Postfix (also known in
another life as VMailer), made by W. Venema, doesn't require a setuid-root
MDA (like mail.local and procmail) at all!

414 [23:16] root@keltia:local/bin# ll procma*
-rwxr-xr-x  1 root  mail  52392 Nov 16 22:24 procmail*

Send mail to local user:
-=-=-
383 [23:17] roberto@keltia:net/mtr> echo foo| mail roberto
send-mail: sendmail_service: open maildrop/5488D14BE
-=-=-

Log from procmail:
-=-=-
>From roberto@keltia.freenix.fr Mon Nov 23 23:17:10 1998
  Folder: /var/mail/roberto                                             403
-=-=-

Mail log:
-=-=-
Nov 23 23:17:10 keltia postfix/pickup[18162]: 7542114C0: sender=101/roberto
Nov 23 23:17:10 keltia postfix/cleanup[18415]: 7542114C0: message-id=<19981123221710.7542114C0@keltia.freenix.fr>
Nov 23 23:17:10 keltia postfix/qmgr[18163]: 7542114C0: from=, size=305 (queue active)
Nov 23 23:17:11 keltia postfix/local[18417]: 7542114C0: to=, relay=local, delay=1, status=sent ("|/usr/local/bin/procmail")
-=-=-

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov  8 01:22:20 CET 1998
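
An added example, not part of the original post: one way to repeat the check shown above across a whole mail log, by finding every delivery that postfix/local piped to an external program and reporting whether that program carries set-id bits. The sample log is constructed in the format quoted in the post; the function names and the injectable stat_fn parameter are assumptions made for this illustration.

```python
import os
import re
import stat

# Constructed sample in the format of the mail log quoted in the post
# (host, queue ID and address are made up).
SAMPLE_LOG = '''\
Nov 23 23:17:10 mx postfix/pickup[100]: 1A2B3C4D5: sender=101/alice
Nov 23 23:17:10 mx postfix/qmgr[101]: 1A2B3C4D5: from=<alice@example.org>, size=305 (queue active)
Nov 23 23:17:11 mx postfix/local[102]: 1A2B3C4D5: to=<alice@example.org>, relay=local, delay=1, status=sent ("|/usr/local/bin/procmail")
'''

# A postfix/local line whose status text is a piped command: ("|/path args")
PIPE_RE = re.compile(
    r'postfix/local\[\d+\]: (?P<qid>[0-9A-F]+): .*?'
    r'status=(?P<status>\w+) \("\|(?P<cmd>[^"]+)"\)')


def piped_deliveries(log_text):
    """Yield (queue_id, status, program_path) for each delivery piped to an MDA."""
    for line in log_text.splitlines():
        m = PIPE_RE.search(line)
        if m:
            yield m["qid"], m["status"], m["cmd"].split()[0]


def privilege_bits(mode):
    """Name the set-id bits present in an st_mode value."""
    return [name for bit, name in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
            if mode & bit]


def audit(log_text, stat_fn=os.stat):
    """Map each piped MDA path to its set-id bits, or None if it cannot be stat'ed."""
    report = {}
    for _qid, _status, path in piped_deliveries(log_text):
        try:
            report[path] = privilege_bits(stat_fn(path).st_mode)
        except OSError:
            report[path] = None
    return report


if __name__ == "__main__":
    for path, bits in audit(SAMPLE_LOG).items():
        state = "not found" if bits is None else (", ".join(bits) or "no set-id bits")
        print(f"{path}: {state}")
```

An empty list for a path corresponds to the -rwxr-xr-x listing in the post: the delivery succeeded through a program with no setuid or setgid bit.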