From: jc@irbs.com (John Capo)
To: security@FreeBSD.ORG
Date: Mon, 9 Dec 1996 20:32:28 -0500
Subject: Re: Running sendmail non-suid
References: <199612092111.NAA17991@passer.osg.gov.bc.ca>

I use two copies of sendmail. The publicly executable copy is setuid "smtpd". A second copy is not setuid and is executed only by root at boot. I use RunAsUser=smtpd so sendmail runs as smtpd after a connection is accepted. /var/spool/mqueue is owned by smtpd.

The only gotcha is that user directories must be at least o+x so sendmail running as smtpd can read .forward files.

John Capo
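
An added example, not part of the message above: a shell audit of the permission preconditions this setup depends on (queue directory owned by smtpd, home directories at least o+x). The function names are hypothetical, the o+r check on .forward follows from the same reasoning rather than from the message, and it assumes smtpd is neither the owner nor in the group of any home directory, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example: audit the preconditions of a RunAsUser=smtpd sendmail setup.
# Assumption: smtpd is not the owner or a group member of any home directory,
# so access is decided by the "other" permission bits alone.
# Typical call (run as root so every home can be traversed):
#   audit /home /var/spool/mqueue smtpd

# Print the numeric uid that owns directory $1.
dir_owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Print every home directory directly under $1 that lacks o+x.
# Without o+x, a process running as smtpd cannot reach ~/.forward.
homes_missing_ox() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm -001 | sort
}

# Print every $1/<user>/.forward that lacks o+r (unreadable to smtpd).
forwards_unreadable() {
    find "$1" -mindepth 2 -maxdepth 2 -name .forward -type f ! -perm -004 | sort
}

# audit HOME_BASE QUEUE_DIR [USER]
# Returns 0 if all checks pass, 1 on findings, 2 if USER does not exist.
audit() {
    user=${3:-smtpd}
    rc=0
    want=$(id -u "$user" 2>/dev/null) || { echo "no such user: $user"; return 2; }

    if [ "$(dir_owner_uid "$2")" != "$want" ]; then
        echo "queue directory $2 is not owned by $user"
        rc=1
    fi

    bad=$(homes_missing_ox "$1")
    if [ -n "$bad" ]; then
        echo "home directories without o+x (.forward unreachable):"
        echo "$bad"
        rc=1
    fi

    bad=$(forwards_unreadable "$1")
    if [ -n "$bad" ]; then
        echo ".forward files without o+r:"
        echo "$bad"
        rc=1
    fi
    return $rc
}
```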