Date: Sun, 5 Jan 1997 20:09:57 -0600 (CST) From: Jimbo Bahooli <moke@fools.ecpnet.com> To: maikel@stack.nl Cc: freebsd-security@freebsd.org Subject: Re: sendmail....tricks... Message-ID: <Pine.BSF.3.95.970105200147.29517A-100000@fools.ecpnet.com> In-Reply-To: <199701060153.CAA09010@escape.stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 6 Jan 1997, Maikel Verheijen wrote: > Quoting "Jimbo Bahooli": > <!> Any comments on this? Time permitting I am going to explore running > <!> sendmail on a non-root port and having netcat forward connections to it > <!> from inetd. > What if people start connecting to the real sendmail??? If there are > vulnerabilities in sendmail, they can still read the mails of all users > on the system (If the attacker has an account) > <!> > <!> -moke@fools.ecpnet.com > <!> > Greetings, > Maikel Verheijen Well sendmail needs to access the users mail files, there is no way around this. Its the lesser of two evils, I'd rather have someone reading users emails, then running around my system uid 0. About connecting to the 'real' sendmail, that would just bypass logging. If the sendmail was running non-root on a non-root port it would have no effect because it still would not be running as root, the redirector on port 25 is just to make it compatible with the rest of the worlds systems. -moke@fools.ecpnet.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970105200147.29517A-100000>