From owner-freebsd-security Sun Jan 5 18:15:26 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id SAA00226 for security-outgoing; Sun, 5 Jan 1997 18:15:26 -0800 (PST) Received: from fools.ecpnet.com (moke@fools.ecpnet.com [204.246.64.101]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id SAA00172 for ; Sun, 5 Jan 1997 18:14:41 -0800 (PST) Received: from localhost (moke@localhost) by fools.ecpnet.com (8.8.4/8.8.4) with SMTP id UAA01072; Sun, 5 Jan 1997 20:09:58 -0600 (CST) Date: Sun, 5 Jan 1997 20:09:57 -0600 (CST) From: Jimbo Bahooli To: maikel@stack.nl cc: freebsd-security@freebsd.org Subject: Re: sendmail....tricks... In-Reply-To: <199701060153.CAA09010@escape.stack.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 6 Jan 1997, Maikel Verheijen wrote: > Quoting "Jimbo Bahooli": > Any comments on this? Time permitting I am going to explore running > sendmail on a non-root port and having netcat forward connections to it > from inetd. > What if people start connecting to the real sendmail??? If there are > vulnerabilities in sendmail, they can still read the mails of all users > on the system (If the attacker has an account) > > -moke@fools.ecpnet.com > > Greetings, > Maikel Verheijen Well sendmail needs to access the users mail files, there is no way around this. Its the lesser of two evils, I'd rather have someone reading users emails, then running around my system uid 0. About connecting to the 'real' sendmail, that would just bypass logging. If the sendmail was running non-root on a non-root port it would have no effect because it still would not be running as root, the redirector on port 25 is just to make it compatible with the rest of the worlds systems. -moke@fools.ecpnet.com