From owner-freebsd-security Thu Jan 9 05:53:41 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id FAA00143 for security-outgoing; Thu, 9 Jan 1997 05:53:41 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id FAA00138 for ; Thu, 9 Jan 1997 05:53:37 -0800 (PST) Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id IAA23487; Thu, 9 Jan 1997 08:47:03 -0500 From: Adam Shostack Message-Id: <199701091347.IAA23487@homeport.org> Subject: Re: sendmail running non-root SUCCESS! In-Reply-To: from Pierre Beyssac at "Jan 9, 97 11:44:24 am" To: Pierre.Beyssac@hsc.fr (Pierre Beyssac) Date: Thu, 9 Jan 1997 08:47:03 -0500 (EST) Cc: giles@nemeton.com.au, lyndon@esys.ca, moke@fools.ecpnet.com, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Pierre Beyssac wrote: | According to Giles Lean: | > Unfortunately, wrong. The .forward files contain references to | > programs that have to be run as the user, not as daemon or sendmail or | > any other user. | > | > Mailing to programs is evil, but it is how you get things like | > procmail and vacation to work. | | Yes, but it's one of the reasons why sendmail needs to be setuid. | | IMHO, it might be a good idea to develop an external "prog" mailer. | It would handle all the setuid stuff required for mailing to programs. | | Regarding the .forward stuff, I'm not sure sendmail really needs to be | setuid to handle that. You mean something like procmail which can be setuid and does mail delivery? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume