From owner-freebsd-questions  Mon Dec 30  6:12: 5 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4864D37B401
	for <freebsd-questions@FreeBSD.ORG>; Mon, 30 Dec 2002 06:12:04 -0800 (PST)
Received: from east.ath.cx (catv-50622a7a.nyircatv.broadband.hu [80.98.42.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 028B043EA9
	for <freebsd-questions@FreeBSD.ORG>; Mon, 30 Dec 2002 06:12:01 -0800 (PST)
	(envelope-from witch@kronos.HomeUnix.com)
X-Complaints-To: abuse@kronos.homeunix.com
X-SMTP-Authenticated: CRAM-MD5
X-message-flag: Ditch the crappy mail client and get a real one!
Received: from slave.east.ath.cx (19bti0fjh4k4aol5@slave.kronos.homeunix.com [10.1.1.1])
	(authenticated bits=0)
	by east.ath.cx (8.12.6/8.12.6) with ESMTP id gBUEBm6D030839
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK)
	for <freebsd-questions@FreeBSD.ORG>; Mon, 30 Dec 2002 15:11:48 +0100 (CET)
	(envelope-from witch@slave.east.ath.cx)
X-Authentication-Warning: east.ath.cx: Host 19bti0fjh4k4aol5@slave.kronos.homeunix.com [10.1.1.1] claimed to be slave.east.ath.cx
Received: from slave.east.ath.cx (localhost [127.0.0.1])
	by slave.east.ath.cx (8.12.6/8.12.6) with ESMTP id gBUEBmrB020459
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <freebsd-questions@FreeBSD.ORG>; Mon, 30 Dec 2002 15:11:48 +0100 (CET)
	(envelope-from witch@slave.east.ath.cx)
Received: (from witch@localhost)
	by slave.east.ath.cx (8.12.6/8.12.6/Submit) id gBUEBhwP020394;
	Mon, 30 Dec 2002 15:11:43 +0100 (CET)
Date: Mon, 30 Dec 2002 15:11:42 +0100 (CET)
From: Andrew Prewett <andrew@kronos.HomeUnix.com>
Reply-To: Andrew Prewett <andrew@kronos.HomeUnix.com>
To: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: procmail security question
In-Reply-To: <20021230115740.GA3719@pooh.nagual.st>
Message-ID: <20021230145045.G13526@slave.east.ath.cx>
References: <20021230115740.GA3719@pooh.nagual.st>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Today Dick Hoogendijk wrote:

> Maybe a silly question but still, security has to be as high as
> possible, so, here it is:
>
> I installed procmail and got the fbsd warning about the program running
> with set user and group ID (root/mail) known as a security risk.
> What about this message? Procmail has persmission 6755. Is it nessacery
> for the prog to be world readable/executable? do I need to set things
> different or do I see ghosts? :-))

 How do you use procmail? Do you use it with sendmail? Is procmail the local
delivery agent or invoked from the user ~/.forward* file? Is sendmail
setuid root or running as root (confRUN_AS_USER/RunAsUser)?

 So there is many open question. Drop the setuid/setgid bits, and see
what happens.

	-andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message