Date: Sun, 17 Nov 1996 21:59:29 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: imp@village.org (Warner Losh) Cc: freebsd-security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <199611180259.VAA10674@homeport.org> In-Reply-To: <E0vPJrb-0003cC-00@rover.village.org> from Warner Losh at "Nov 17, 96 07:55:10 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote: | In message <9611180247.AA15359@communica.com.au> Mark Newton writes: | : sendmail really only needs root so that it can bind to the "privileged" | : port 25 when it's running in daemon mode. If you frob filesystem permissions | : sufficiently you can get away without providing sendmail with root | : privileges by running it with a non-root uid out of inetd (which is, | : indeed, precisely what I have done with it here at Communica, where | : sendmail runs as the unprivileged "smtp" user). | | I don't buy this. You need to be able to create a mailbox of an | arbitrary user, and then write to that mailbox with that user's uid, | or to a shell of that user's uid. To do otherwise would introduce | other security problems, some of which have been beat to death in the | freebsd lists. Sendmail doesn't need to create/write to mailboxes, mail.local*, needs to do that. The problem with sendmail is that its a desert topping and a floor wax. It wants to do everything, and you can't do everything and be secure. Theres no solid seperation of privledge (as enforced by qmail's multiple programs under different uids). Theres no least privledge, as seen with qmail's one of 14 programs being setuid. The need for a setuid program to deliver mail does not mean that the mail parser, the MX handler, the envelope mangler, and the router core need to be setuid. *procmail, qmail-lspawn can substitute for mail.local. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611180259.VAA10674>