From owner-freebsd-hackers  Mon Nov 25 09:48:08 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA25302
          for hackers-outgoing; Mon, 25 Nov 1996 09:48:08 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA25268
          for <hackers@freebsd.org>; Mon, 25 Nov 1996 09:48:00 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id LAA15095; Mon, 25 Nov 1996 11:45:40 -0600
From: Joe Greco <jgreco@brasil.moneng.mei.com>
Message-Id: <199611251745.LAA15095@brasil.moneng.mei.com>
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
To: twpierce@bio-3.bsd.uchicago.edu (Tim Pierce)
Date: Mon, 25 Nov 1996 11:45:40 -0600 (CST)
Cc: peter@taronga.com, hackers@freebsd.org
In-Reply-To: <9611251733.AA10822@bio-5.bsd.uchicago.edu> from "Tim Pierce" at Nov 25, 96 11:33:35 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Joe Greco <jgreco@brasil.moneng.mei.com> said:
> 
> > > Have you looked at qmail? The bits exposed to the outside world don't
> > > even run as root. EVER.
> > 
> > As a matter of fact, the last Sendmail security problem involved a bug
> > that I suspect people would also have claimed "[the] bits [that are]
> > exposed to the outside world don't even run as root."
> 
> I sincerely hope you don't think of this as a point in sendmail's
> favor.

No, it's simply an argument that the quoted material is obviously and
demonstrably false.

It would be accurate to say:

The bits exposed to the outside world are not intended to be run as root.

A bug generally involves running code in a manner that was not intended.

Therefore, if there are any bugs, whatsoever, it is easy to demonstrate
that there is a potential (the precise nature of which may be currently
unknown) for running the bits exposed to the outside world as root.

And it is generally easy to prove that any significantly worthwhile bit
of code contains bugs.

The conclusion: the original statement is a crock.

The supporting statement I made: Sendmail recently had a security problem 
due to code being executed as root that I do not believe was intended to
be run as root.  I might be wrong, but if so, I can find another example.

"Call me skeptical, call me paranoid.  You are right in both cases."

... JG