From owner-freebsd-security Sun Nov 17 18:55:54 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA03464 for security-outgoing; Sun, 17 Nov 1996 18:55:54 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id SAA03459 for ; Sun, 17 Nov 1996 18:55:51 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vPJrb-0003cC-00; Sun, 17 Nov 1996 19:55:11 -0700
To: newton@communica.com.au (Mark Newton)
Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
Cc: batie@agora.rdrop.com (Alan Batie), adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 18 Nov 1996 13:17:21 +1030." <9611180247.AA15359@communica.com.au>
References: <9611180247.AA15359@communica.com.au>
Date: Sun, 17 Nov 1996 19:55:10 -0700
From: Warner Losh
Message-Id:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <9611180247.AA15359@communica.com.au> Mark Newton writes:
: sendmail really only needs root so that it can bind to the "privileged"
: port 25 when it's running in daemon mode. If you frob filesystem permissions
: sufficiently you can get away without providing sendmail with root
: privileges by running it with a non-root uid out of inetd (which is,
: indeed, precisely what I have done with it here at Communica, where
: sendmail runs as the unprivileged "smtp" user).

I don't buy this. You need to be able to create a mailbox of an arbitrary user, and then write to that mailbox with that user's uid, or to a shell of that user's uid. To do otherwise would introduce other security problems, some of which have been beat to death in the freebsd lists.

What am I missing?

Warner