From owner-freebsd-security Thu Jan 9 02:46:09 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id CAA22156 for security-outgoing; Thu, 9 Jan 1997 02:46:09 -0800 (PST)
Received: from itesec.hsc.fr (root@itesec.hsc.fr [192.70.106.33]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id CAA22150 for ; Thu, 9 Jan 1997 02:46:03 -0800 (PST)
Received: from sidhe.hsc.fr (pb@sidhe.hsc.fr [192.70.106.44]) by itesec.hsc.fr (8.8.4/8.8.4/itesec-1.9) with ESMTP id LAA03748; Thu, 9 Jan 1997 11:44:25 +0100 (MET)
Received: (from pb@localhost) by sidhe.hsc.fr (8.8.Alpha.4/sidhe-new-1.7) id LAA04937; Thu, 9 Jan 1997 11:44:25 +0100 (MET)
Message-ID:
Date: Thu, 9 Jan 1997 11:44:24 +0100
From: Pierre.Beyssac@hsc.fr (Pierre Beyssac)
To: giles@nemeton.com.au (Giles Lean)
Cc: lyndon@esys.ca (Lyndon Nerenberg), moke@fools.ecpnet.com (Jimbo Bahooli), freebsd-security@FreeBSD.ORG
Subject: Re: sendmail running non-root SUCCESS!
References: <199701090844.TAA01064@nemeton.com.au>
X-Mailer: Mutt 0.50
Mime-Version: 1.0
In-Reply-To: <199701090844.TAA01064@nemeton.com.au>; from Giles Lean on Jan 9, 1997 19:44:18 +1100
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

According to Giles Lean:
> Unfortunately, wrong. The .forward files contain references to
> programs that have to be run as the user, not as daemon or sendmail or
> any other user.
>
> Mailing to programs is evil, but it is how you get things like
> procmail and vacation to work.

Yes, but it's one of the reasons why sendmail needs to be setuid.
IMHO, it might be a good idea to develop an external "prog" mailer.
It would handle all the setuid stuff required for mailing to programs.

Regarding the .forward stuff, I'm not sure sendmail really needs to
be setuid to handle that.
-- 
Pierre.Beyssac@hsc.fr