From owner-freebsd-hackers Sun Nov 24 10:01:50 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA01941 for hackers-outgoing; Sun, 24 Nov 1996 10:01:50 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA01888 for ; Sun, 24 Nov 1996 10:01:42 -0800 (PST)
Received: from ami.tom.computerworks.net (AMI.RES.CMU.EDU [128.2.95.1]) by who.cdrom.com (8.7.5/8.6.11) with SMTP id GAA08091 for ; Sun, 24 Nov 1996 06:21:35 -0800 (PST)
Received: from bonkers.taronga.com by ami.tom.computerworks.net with smtp (Smail3.1.29.1 #3) id m0vRfEB-0021WgC; Sun, 24 Nov 96 09:08 EST
Received: (from peter@localhost) by bonkers.taronga.com (8.6.11/8.6.9) id IAA27560; Sun, 24 Nov 1996 08:14:53 -0600
Date: Sun, 24 Nov 1996 08:14:53 -0600
From: peter@taronga.com (Peter da Silva)
Message-Id: <199611241414.IAA27560@bonkers.taronga.com>
To: hackers@freebsd.org
Subject: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).))
Newsgroups: taronga.freebsd.hackers
In-Reply-To: References: <9611240314.AA03473@communica.com.au> ,<9611240314.AA03473@communica.com.au>
Organization: none
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In article , Warner Losh wrote:
>You have stated that it is a bad idea, but you have not offered an
>alternative. Nor have you really said why it is a good idea, beyond
>removing some bloat from sendmail.

Remove sendmail. Make it an option. Make qmail the primary mail transport agent on FreeBSD. If someone needs a really complex mail routing environment or batching of outgoing mail over a low speed line (about the only things they can do under sendmail that qmail won't handle) they can install the port/package for sendmail. That would also make it easier for sendmail users to keep up to date (which they have to be doing anyway).

I'm running too far back (2.0.5) to do this right now, but I'm planning on moving up to -current once I get a couple more bits for my new beater machine (Stephanie doesn't like me taking Bonkers down for some reason) so I can actually hook it up and do real work on it. That's probably not going to happen until after Usenix.

As for "non-root users binding to low ports", the logical thing to do is to put the access to ports in the file system, and then set the permissions on /dev/tcp/25 to "rw-rw---- mailagent mailgroup". This can be done by modifying bind() to look at something devfs sets up, making bind() a library routine that does an open and uses an ioctl to establish access rights, making bind() look to see if you have the right "ip special file" open, or by replacing the whole socket/bind sequence with an explicit open (academically elegant but would break EVERYTHING). I believe that there are already some hooks in access to hardware that depend on having a specific special file open but don't actually use that file descriptor for anything, so that's probably the best way to go.
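A user-space model of the access decision the message describes, added here as an illustration; it is not code from the original post or from FreeBSD. The names `struct cred`, `node_allows_rw` and `port_bind_allowed` are hypothetical, and the superuser bypass and the deny-when-no-node behaviour are assumptions of this sketch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical caller credentials; not a real kernel structure.
   Supplementary groups are left out to keep the model small. */
struct cred { uid_t uid; gid_t gid; };

/* Owner/group/other test for read+write on a port node, with the
   traditional superuser bypass (an assumption of this sketch). */
int node_allows_rw(const struct stat *st, const struct cred *c)
{
    mode_t need;
    if (c->uid == 0)
        return 1;
    if (c->uid == st->st_uid)
        need = S_IRUSR | S_IWUSR;
    else if (c->gid == st->st_gid)
        need = S_IRGRP | S_IWGRP;
    else
        need = S_IROTH | S_IWOTH;
    return (st->st_mode & need) == need;
}

/* Decision a modified bind() could make: ports >= 1024 behave as before,
   low ports need rw access to <portdir>/<port>, a missing node denies. */
int port_bind_allowed(const char *portdir, unsigned port, const struct cred *c)
{
    char path[256];
    struct stat st;
    if (port >= 1024)
        return 1;
    if (snprintf(path, sizeof path, "%s/%u", portdir, port) >= (int)sizeof path)
        return 0;
    if (stat(path, &st) != 0)
        return 0;
    return node_allows_rw(&st, c);
}

int main(void)
{
    struct stat node = {0};   /* constructed node: rw-rw---- uid 25, gid 25 */
    struct cred mta = {25, 25}, user = {1001, 1001};
    node.st_uid = 25; node.st_gid = 25; node.st_mode = 0660;
    printf("mailagent may bind 25: %d\n", node_allows_rw(&node, &mta));
    printf("other user may bind 25: %d\n", node_allows_rw(&node, &user));
    return 0;
}
```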