From owner-freebsd-security Sat Nov 21 18:02:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA15582 for freebsd-security-outgoing; Sat, 21 Nov 1998 18:02:04 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA15550 for ; Sat, 21 Nov 1998 18:02:00 -0800 (PST) (envelope-from ncb05@banshee.cs.uow.edu.au) Received: (from ncb05@localhost) by banshee.cs.uow.edu.au (8.9.1a/8.9.1) id NAA28116; Sun, 22 Nov 1998 13:00:32 +1100 (EST) Date: Sun, 22 Nov 1998 13:00:32 +1100 (EST) From: Nicholas Charles Brawn X-Sender: ncb05@banshee.cs.uow.edu.au To: Don Lewis cc: freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4 In-Reply-To: <199811211501.HAA29212@salsa.gv.tsc.tdk.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 21 Nov 1998, Don Lewis wrote: : On Nov 16, 9:27pm, Matthew Dillon wrote: : } Subject: Re: Would this make FreeBSD more secure? & sendmail changes in Op : : } :> Use TCAPF_LOWPORT to fix xntpd, lpd, bind, sendmail, and possibly : } :> others. : } : : } :I'm not convinced that sendmail and lpd require TCAPF_LOWPORT. I think : } :inetd and the 'wait' attribute can do what they need, but I'm all for : } :adding the solution as defined above. It probably would be usefull for : } :bind (which as a single process needs to bind to udp/53 as well as tcp/53). : } : } I don't think they need it either, as long as sendmail and lpd are : } started as root and setuid() themselves after binding the port I'd be : } happy. : : There are two complications with sendmail that I haven't seen mentioned. : One is that sendmail will close its listening socket on port 25 when it : decides that the system load is too high, and reopen the socket when : the load has dropped to an acceptable level. The second is that it : needs to read more 400 .forward files. : : If you use the RunAsUser sendmail configuration feature, you get most : of the benefits of an immediate setuid() call. This feature causes : sendmail to do the setuid() after it does accept() and fork() and : before it interacts with the remote client. I use this feature on : machines that don't do local mail delivery. : : As a matter of fact I've installed two copies sendmail with different : privileges on some machines. One copy is installed as /usr/sbin/sendmail, : /usr/bin/hoststat and /usr/bin/mailq, and it is installed setuid sendmail. : The other copy is installed as /usr/bin/newaliases, /usr/sbin/smtpd and : /usr/sbin/purgestat and it is installed mode 555 root.bin. I invoke smtpd : as root to run as the listener on port 25, and it is configured with : "RunAsUser=sendmail". : : --- Truck : : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message : -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message