From owner-freebsd-security Thu Nov 21 15:59:47 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA27654 for security-outgoing; Thu, 21 Nov 1996 15:59:47 -0800 (PST)
Received: from offensive.communica.com.au (offensive-eth1.adl.communica.com.au [192.82.222.18]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA27633 for ; Thu, 21 Nov 1996 15:59:42 -0800 (PST)
Received: from communica.com.au (frenzy.communica.com.au [192.82.222.65]) by offensive.communica.com.au (8.7.6/8.7.3) with SMTP id KAA12421; Fri, 22 Nov 1996 10:27:39 +1030 (CST)
Received: by communica.com.au (4.1/SMI-4.1) id AA14971; Fri, 22 Nov 96 10:27:20 CDT
From: newton@communica.com.au (Mark Newton)
Message-Id: <9611212357.AA14971@communica.com.au>
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
To: pjchilds@imforei.apana.org.au (Peter Childs)
Date: Fri, 22 Nov 1996 10:27:20 +1030 (CST)
Cc: newton@communica.com.au, freebsd-security@freebsd.org, miff@spam.frisbee.net.au
In-Reply-To: <199611211112.VAA27330@al.imforei.apana.org.au> from "Peter Childs" at Nov 21, 96 09:42:22 pm
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Peter Childs wrote:

> Could an additional check in here just be used to check that if port
> requested is 25 and uid == mailmanager's uid then OK it?

Only if everyone wanted to roll their own patch: There is no mail manager
uid on FreeBSD in the standard installation, and there's no reason to
think that everyone who added one would use the same id.

That's certainly the right place to put any additional security
mechanisms, but I think we need one a bit more generic than that.

I like the sysctl idea, but it'd make sysctl -a unwieldy. There is
another way, though: Consider nfs serving -- mountd reads /etc/exports,
parses its contents, fills in the relevant fields of a data structure
which describes which filesystems are to be exported, and pushes that
data structure into the kernel via a system call. Why not employ a
similar mechanism to read a config file which describes which users can
bind to which ports and syscalls it into the kernel to fulfil a task
similar to what the sysctl idea was attempting to achieve but without
the elephantine MIB?

Just an idea...

   - mark

---
Mark Newton                       Email: newton@communica.com.au
Systems Engineer                  Phone: +61-8-8373-2523
Communica Systems                 WWW:   http://www.communica.com.au
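
The mechanism proposed in the message above, sketched as an added example (not code from the thread or from FreeBSD): a userland parser for a hypothetical `<port> <uid>` config format, and the check a kernel bind path could apply to the resulting table. The file format, the struct and function names, and the uids in the sample are all assumptions; the system call that would load the table into the kernel is left out.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define RESERVED_PORT 1024  /* ports below this are root-only by default */
#define MAX_RULES 32
/* Hypothetical table a userland loader would push into the kernel. */
struct portacl_rule { unsigned short port; uid_t uid; };
struct portacl { int n; struct portacl_rule rules[MAX_RULES]; };

/* Constructed sample config: "<port> <uid>" per line, '#' starts a comment. */
static const char sample_conf[] =
    "# smtp for a mail uid, nntp for a news uid\n"
    "25 26\n"
    "70000 26\n"   /* not a reserved port: rejected */
    "119 8 9\n"    /* trailing junk: rejected */
    "119 8\n";

/* Fill acl from text. Returns the number of rejected lines, -1 on overflow. */
int portacl_parse(const char *text, struct portacl *acl) {
    int bad = 0;
    acl->n = 0;
    while (*text != '\0') {
        size_t len = strcspn(text, "\n"), skip = strspn(text, " \t");
        char line[64], extra;
        long port, uid;
        int w = snprintf(line, sizeof line, "%.*s", (int)(len - skip), text + skip);
        text += len + (text[len] == '\n');
        if (w == 0 || line[0] == '#') continue;          /* blank or comment */
        if (w >= (int)sizeof line || sscanf(line, "%ld %ld %c", &port, &uid, &extra) != 2 ||
            port < 1 || port >= RESERVED_PORT || uid < 1) { bad++; continue; }
        if (acl->n == MAX_RULES) return -1;
        acl->rules[acl->n++] = (struct portacl_rule){ (unsigned short)port, (uid_t)uid };
    }
    return bad;
}

/* Bind-path decision: 1 = allow, 0 = deny. Port 0 (ephemeral) and root are unrestricted. */
int portacl_may_bind(const struct portacl *acl, uid_t uid, unsigned short port) {
    if (port == 0 || port >= RESERVED_PORT || uid == 0) return 1;
    for (int i = 0; i < acl->n; i++)
        if (acl->rules[i].port == port && acl->rules[i].uid == uid) return 1;
    return 0;
}

int main(void) {
    struct portacl acl;
    printf("rejected=%d\n", portacl_parse(sample_conf, &acl));
    return 0;
}
```

Rejecting malformed lines in the loader, rather than in the kernel, keeps the in-kernel check to a table lookup with a default of deny for reserved ports.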