From owner-freebsd-security Thu Jan 9 09:27:35 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4)
    id JAA11319 for security-outgoing; Thu, 9 Jan 1997 09:27:35 -0800 (PST)
Received: from service.esys.ca (root@service.esys.ca [141.118.1.124])
    by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id JAA11314
    for ; Thu, 9 Jan 1997 09:27:33 -0800 (PST)
Received: from monet.esys.ca by service.esys.ca with smtp (Smail3.1.28.1 #1)
    id m0viOI0-000UoQC; Thu, 9 Jan 97 10:29 MST
Received: from cezanne.esys.ca by monet.esys.ca with smtp (Smail3.1.28.1 #6)
    id m0viOJq-000RWwC; Thu, 9 Jan 97 10:31 MST
From: Lyndon Nerenberg
To: Giles Lean
cc: Jimbo Bahooli , freebsd-security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
In-Reply-To: <199701090844.TAA01064@nemeton.com.au>
Message-ID:
Date: Thu, 9 Jan 1997 10:31:09 -0700 (MST)
Priority: NORMAL
X-Mailer: Simeon for Hpux Motif Version 4.1
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 09 Jan 1997 19:44:18 +1100 Giles Lean wrote:

>
> On Wed, 8 Jan 1997 14:19:21 -0700 (MST) Lyndon Nerenberg wrote:
>
> > If one were to deprecate ~/.forward in favour of /var/db/forward/$USER,
> > and write a forward(1) command to allow user manipulation of the
> > files
>
> Unfortunately, wrong. The .forward files contain references to
> programs that have to be run as the user, not as daemon or sendmail or
> any other user.

Which can be handled by having "program" alias messages (should the site
choose to allow them) dumped into a separate queue that is run by a root
process whose sole purpose is to execute programs on the user's behalf. This
is the only part of the traditional sendmail chain that *requires* it
(sendmail) to run as root. Splitting that functionality out into a separate,
tiny, single-purpose program makes a lot more sense from a security
perspective.

--lyndon
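
The single-purpose root runner described in the message above, as an added example that is not code from this thread or from sendmail: it takes one queued "program" delivery, permanently becomes the recipient (supplementary groups, then gid, then uid), and only then executes the program. The record format `user<TAB>/path`, the names `parse_job` and `run_as_user`, and the fixed `PATH` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed queue record format (hypothetical): "user<TAB>/absolute/program" */
struct job { char user[33]; char prog[256]; };

/* Validate and split one record. Returns 0 on success, -1 if malformed. */
int parse_job(const char *line, struct job *j) {
    const char *tab = strchr(line, '\t');
    if (!tab || strchr(line, '\n')) return -1;
    size_t ulen = (size_t)(tab - line), plen = strlen(tab + 1);
    if (ulen == 0 || ulen >= sizeof j->user || memchr(line, '/', ulen)) return -1;
    if (plen == 0 || plen >= sizeof j->prog || tab[1] != '/' || strstr(tab, "..")) return -1;
    snprintf(j->user, sizeof j->user, "%.*s", (int)ulen, line);
    memcpy(j->prog, tab + 1, plen + 1);
    return 0;
}

/* Become the recipient for good, then exec. Returns only on failure. */
int run_as_user(const struct job *j) {
    struct passwd *pw = getpwnam(j->user);
    char *argv[] = { (char *)j->prog, NULL };
    char *envp[] = { "PATH=/bin:/usr/bin", NULL };   /* fixed, minimal environment */
    if (!pw || pw->pw_uid == 0) return -1;           /* unknown user, or root */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0) return -2;
    if (setuid(pw->pw_uid) != 0) return -2;          /* uid last, after the groups */
    if (setuid(0) == 0) return -3;                   /* the drop must be irreversible */
    if (chdir(pw->pw_dir) != 0 && chdir("/") != 0) return -4;
    execve(j->prog, argv, envp);                     /* no shell is involved */
    return -5;
}

int main(void) {                   /* one record per line on stdin */
    char line[512];
    struct job j;
    pid_t pid;
    while (fgets(line, sizeof line, stdin)) {
        line[strcspn(line, "\n")] = '\0';
        if (parse_job(line, &j) != 0) continue;      /* skip malformed records */
        if ((pid = fork()) == 0) _exit(run_as_user(&j) ? 111 : 0);
        if (pid > 0) waitpid(pid, NULL, 0);
    }
    return 0;
}
```

Each job runs in a forked child, so the parent stays root for the next record while no user program ever executes with root's uid, gid or supplementary groups.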